feat: migrate templates and documents to envelope model

apps/openpage-api/lib/growth/get-monthly-completed-document.ts

@@ -1,4 +1,4 @@
-import { DocumentStatus } from '@prisma/client';
+import { DocumentStatus, EnvelopeType } from '@prisma/client';
 import { DateTime } from 'luxon';
 
 import { kyselyPrisma, sql } from '@documenso/prisma';
@@ -7,18 +7,19 @@ import { addZeroMonth } from '../add-zero-month';
 
 export const getCompletedDocumentsMonthly = async (type: 'count' | 'cumulative' = 'count') => {
   const qb = kyselyPrisma.$kysely
-    .selectFrom('Document')
+    .selectFrom('Envelope')
     .select(({ fn }) => [
-      fn<Date>('DATE_TRUNC', [sql.lit('MONTH'), 'Document.updatedAt']).as('month'),
+      fn<Date>('DATE_TRUNC', [sql.lit('MONTH'), 'Envelope.updatedAt']).as('month'),
       fn.count('id').as('count'),
       fn
         .sum(fn.count('id'))
         // Feels like a bug in the Kysely extension but I just can not do this orderBy in a type-safe manner
         // eslint-disable-next-line @typescript-eslint/consistent-type-assertions, @typescript-eslint/no-explicit-any
-        .over((ob) => ob.orderBy(fn('DATE_TRUNC', [sql.lit('MONTH'), 'Document.updatedAt']) as any))
+        .over((ob) => ob.orderBy(fn('DATE_TRUNC', [sql.lit('MONTH'), 'Envelope.updatedAt']) as any))
         .as('cume_count'),
     ])
-    .where(() => sql`"Document"."status" = ${DocumentStatus.COMPLETED}::"DocumentStatus"`)
+    .where(() => sql`"Envelope"."status" = ${DocumentStatus.COMPLETED}::"DocumentStatus"`)
+    .where(() => sql`"Envelope"."type" = ${EnvelopeType.DOCUMENT}::"EnvelopeType"`)
     .groupBy('month')
     .orderBy('month', 'desc')
     .limit(12);

apps/remix/app/components/dialogs/admin-document-delete-dialog.tsx

@@ -3,7 +3,6 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Document } from '@prisma/client';
 import { useNavigate } from 'react-router';
 
 import { trpc } from '@documenso/trpc/react';
@@ -22,10 +21,10 @@ import { Input } from '@documenso/ui/primitives/input';
 import { useToast } from '@documenso/ui/primitives/use-toast';
 
 export type AdminDocumentDeleteDialogProps = {
-  document: Document;
+  envelopeId: string;
 };
 
-export const AdminDocumentDeleteDialog = ({ document }: AdminDocumentDeleteDialogProps) => {
+export const AdminDocumentDeleteDialog = ({ envelopeId }: AdminDocumentDeleteDialogProps) => {
   const { _ } = useLingui();
   const { toast } = useToast();
 
@@ -42,7 +41,7 @@ export const AdminDocumentDeleteDialog = ({ document }: AdminDocumentDeleteDialo
         return;
       }
 
-      await deleteDocument({ id: document.id, reason });
+      await deleteDocument({ id: envelopeId, reason });
 
       toast({
         title: _(msg`Document deleted`),

apps/remix/app/components/dialogs/document-move-to-folder-dialog.tsx

@@ -81,7 +81,7 @@ export const DocumentMoveToFolderDialog = ({
     },
   );
 
-  const { mutateAsync: moveDocumentToFolder } = trpc.folder.moveDocumentToFolder.useMutation();
+  const { mutateAsync: updateDocument } = trpc.document.update.useMutation();
 
   useEffect(() => {
     if (!open) {
@@ -94,9 +94,11 @@ export const DocumentMoveToFolderDialog = ({
 
   const onSubmit = async (data: TMoveDocumentFormSchema) => {
     try {
-      await moveDocumentToFolder({
+      await updateDocument({
         documentId,
+        data: {
           folderId: data.folderId ?? null,
+        },
       });
 
       const documentsPath = formatDocumentsPath(team.url);

apps/remix/app/components/dialogs/document-resend-dialog.tsx

@@ -4,15 +4,15 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import { type Recipient, SigningStatus } from '@prisma/client';
+import { type Recipient, SigningStatus, type Team, type User } from '@prisma/client';
 import { History } from 'lucide-react';
 import { useForm, useWatch } from 'react-hook-form';
 import * as z from 'zod';
 
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { getRecipientType } from '@documenso/lib/client-only/recipient-type';
-import type { TDocumentMany as TDocumentRow } from '@documenso/lib/types/document';
 import { recipientAbbreviation } from '@documenso/lib/utils/recipient-formatter';
+import type { Document } from '@documenso/prisma/types/document-legacy-schema';
 import { trpc as trpcReact } from '@documenso/trpc/react';
 import { cn } from '@documenso/ui/lib/utils';
 import { Button } from '@documenso/ui/primitives/button';
@@ -43,7 +43,11 @@ import { StackAvatar } from '../general/stack-avatar';
 const FORM_ID = 'resend-email';
 
 export type DocumentResendDialogProps = {
-  document: TDocumentRow;
+  document: Pick<Document, 'id' | 'userId' | 'teamId' | 'status'> & {
+    user: Pick<User, 'id' | 'name' | 'email'>;
+    recipients: Recipient[];
+    team: Pick<Team, 'id' | 'url'> | null;
+  };
   recipients: Recipient[];
 };
 

apps/remix/app/components/dialogs/public-profile-template-manage-dialog.tsx

@@ -4,14 +4,14 @@ import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Plural, Trans } from '@lingui/react/macro';
-import type { Template, TemplateDirectLink } from '@prisma/client';
+import { type TemplateDirectLink, TemplateType } from '@prisma/client';
-import { TemplateType } from '@prisma/client';
 import type * as DialogPrimitive from '@radix-ui/react-dialog';
 import { CheckCircle2Icon, CircleIcon } from 'lucide-react';
 import { useForm } from 'react-hook-form';
 import { P, match } from 'ts-pattern';
 import { z } from 'zod';
 
+import { type Template } from '@documenso/prisma/types/template-legacy-schema';
 import { trpc } from '@documenso/trpc/react';
 import {
   MAX_TEMPLATE_PUBLIC_DESCRIPTION_LENGTH,

apps/remix/app/components/dialogs/template-create-dialog.tsx

@@ -54,7 +54,7 @@ export const TemplateCreateDialog = ({ folderId }: TemplateCreateDialogProps) =>
     try {
       const response = await putPdfFile(file);
 
-      const { id } = await createTemplate({
+      const { legacyTemplateId: id } = await createTemplate({
         title: file.name,
         templateDocumentDataId: response.id,
         folderId: folderId,

apps/remix/app/components/dialogs/template-direct-link-dialog-wrapper.tsx

@@ -1,9 +1,10 @@
 import { useState } from 'react';
 
 import { Trans } from '@lingui/react/macro';
-import type { Recipient, Template, TemplateDirectLink } from '@prisma/client';
+import type { Recipient, TemplateDirectLink } from '@prisma/client';
 import { LinkIcon } from 'lucide-react';
 
+import type { Template } from '@documenso/prisma/types/template-legacy-schema';
 import { Button } from '@documenso/ui/primitives/button';
 
 import { TemplateDirectLinkDialog } from '~/components/dialogs/template-direct-link-dialog';

apps/remix/app/components/dialogs/template-direct-link-dialog.tsx

@@ -3,12 +3,7 @@ import { useEffect, useMemo, useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import {
+import { type Recipient, RecipientRole, type TemplateDirectLink } from '@prisma/client';
-  type Recipient,
-  RecipientRole,
-  type Template,
-  type TemplateDirectLink,
-} from '@prisma/client';
 import { CircleDotIcon, CircleIcon, ClipboardCopyIcon, InfoIcon, LoaderIcon } from 'lucide-react';
 import { Link, useRevalidator } from 'react-router';
 import { P, match } from 'ts-pattern';
@@ -20,6 +15,7 @@ import { DIRECT_TEMPLATE_RECIPIENT_EMAIL } from '@documenso/lib/constants/direct
 import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles';
 import { DIRECT_TEMPLATE_DOCUMENTATION } from '@documenso/lib/constants/template';
 import { formatDirectTemplatePath } from '@documenso/lib/utils/templates';
+import type { Template } from '@documenso/prisma/types/template-legacy-schema';
 import { trpc as trpcReact } from '@documenso/trpc/react';
 import { AnimateGenericFadeInOut } from '@documenso/ui/components/animate/animate-generic-fade-in-out';
 import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert';

apps/remix/app/components/dialogs/template-move-to-folder-dialog.tsx

@@ -83,7 +83,7 @@ export function TemplateMoveToFolderDialog({
     },
   );
 
-  const { mutateAsync: moveTemplateToFolder } = trpc.folder.moveTemplateToFolder.useMutation();
+  const { mutateAsync: updateTemplate } = trpc.template.updateTemplate.useMutation();
 
   useEffect(() => {
     if (!isOpen) {
@@ -96,9 +96,11 @@ export function TemplateMoveToFolderDialog({
 
   const onSubmit = async (data: TMoveTemplateFormSchema) => {
     try {
-      await moveTemplateToFolder({
+      await updateTemplate({
         templateId,
+        data: {
           folderId: data.folderId ?? null,
+        },
       });
 
       toast({

apps/remix/app/components/embed/authoring/configure-fields-view.tsx

@@ -118,6 +118,9 @@ export const ConfigureFieldsView = ({
       sendStatus: signer.disabled ? SendStatus.SENT : SendStatus.NOT_SENT,
       readStatus: signer.disabled ? ReadStatus.OPENED : ReadStatus.NOT_OPENED,
       signingStatus: signer.disabled ? SigningStatus.SIGNED : SigningStatus.NOT_SIGNED,
+
+      // Todo: Envelopes - Dummy data
+      envelopeId: '',
     }));
   }, [configData.signers]);
 

apps/remix/app/components/embed/embed-document-signing-page.tsx

@@ -15,12 +15,14 @@ import { LucideChevronDown, LucideChevronUp } from 'lucide-react';
 
 import { useThrottleFn } from '@documenso/lib/client-only/hooks/use-throttle-fn';
 import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
-import type { DocumentField } from '@documenso/lib/server-only/field/get-fields-for-document';
 import { isFieldUnsignedAndRequired } from '@documenso/lib/utils/advanced-fields-helpers';
 import { validateFieldsInserted } from '@documenso/lib/utils/fields';
 import type { RecipientWithFields } from '@documenso/prisma/types/recipient-with-fields';
 import { trpc } from '@documenso/trpc/react';
-import { DocumentReadOnlyFields } from '@documenso/ui/components/document/document-read-only-fields';
+import {
+  type DocumentField,
+  DocumentReadOnlyFields,
+} from '@documenso/ui/components/document/document-read-only-fields';
 import { FieldToolTip } from '@documenso/ui/components/field/field-tooltip';
 import { Button } from '@documenso/ui/primitives/button';
 import { ElementVisible } from '@documenso/ui/primitives/element-visible';

apps/remix/app/components/general/document-signing/document-signing-auth-provider.tsx

@@ -1,6 +1,6 @@
 import { createContext, useContext, useEffect, useMemo, useState } from 'react';
 
-import { type Document, FieldType, type Passkey, type Recipient } from '@prisma/client';
+import { type Envelope, FieldType, type Passkey, type Recipient } from '@prisma/client';
 
 import type { SessionUser } from '@documenso/auth/server/lib/session/session';
 import { MAXIMUM_PASSKEYS } from '@documenso/lib/constants/auth';
@@ -26,9 +26,9 @@ type PasskeyData = {
 
 export type DocumentSigningAuthContextValue = {
   executeActionAuthProcedure: (_value: ExecuteActionAuthProcedureOptions) => Promise<void>;
-  documentAuthOptions: Document['authOptions'];
+  documentAuthOptions: Envelope['authOptions'];
   documentAuthOption: TDocumentAuthOptions;
-  setDocumentAuthOptions: (_value: Document['authOptions']) => void;
+  setDocumentAuthOptions: (_value: Envelope['authOptions']) => void;
   recipient: Recipient;
   recipientAuthOption: TRecipientAuthOptions;
   setRecipient: (_value: Recipient) => void;
@@ -61,7 +61,7 @@ export const useRequiredDocumentSigningAuthContext = () => {
 };
 
 export interface DocumentSigningAuthProviderProps {
-  documentAuthOptions: Document['authOptions'];
+  documentAuthOptions: Envelope['authOptions'];
   recipient: Recipient;
   user?: SessionUser | null;
   children: React.ReactNode;

apps/remix/app/components/general/document-signing/document-signing-reject-dialog.tsx

@@ -3,12 +3,12 @@ import { useEffect, useState } from 'react';
 import { zodResolver } from '@hookform/resolvers/zod';
 import { msg } from '@lingui/core/macro';
 import { Trans } from '@lingui/react/macro';
-import type { Document } from '@prisma/client';
 import { useForm } from 'react-hook-form';
 import { useNavigate } from 'react-router';
 import { useSearchParams } from 'react-router';
 import { z } from 'zod';
 
+import type { Document } from '@documenso/prisma/types/document-legacy-schema';
 import { trpc } from '@documenso/trpc/react';
 import { Button } from '@documenso/ui/primitives/button';
 import {

apps/remix/app/components/general/document/document-certificate-qr-view.tsx

@@ -4,6 +4,7 @@ import { Trans } from '@lingui/react/macro';
 import type { DocumentData } from '@prisma/client';
 import { DateTime } from 'luxon';
 
+import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { trpc } from '@documenso/trpc/react';
 import { Button } from '@documenso/ui/primitives/button';
 import {
@@ -23,6 +24,7 @@ export type DocumentCertificateQRViewProps = {
   title: string;
   documentData: DocumentData;
   password?: string | null;
+  documentTeamUrl: string;
   recipientCount?: number;
   completedDate?: Date;
 };
@@ -32,29 +34,30 @@ export const DocumentCertificateQRView = ({
   title,
   documentData,
   password,
+  documentTeamUrl,
   recipientCount = 0,
   completedDate,
 }: DocumentCertificateQRViewProps) => {
-  const { data: documentUrl } = trpc.shareLink.getDocumentInternalUrlForQRCode.useQuery({
+  const { data: documentViaUser } = trpc.document.get.useQuery({
     documentId,
   });
 
-  const [isDialogOpen, setIsDialogOpen] = useState(() => !!documentUrl);
+  const [isDialogOpen, setIsDialogOpen] = useState(() => !!documentViaUser);
 
   const formattedDate = completedDate
     ? DateTime.fromJSDate(completedDate).toLocaleString(DateTime.DATETIME_MED)
     : '';
 
   useEffect(() => {
-    if (documentUrl) {
+    if (documentViaUser) {
       setIsDialogOpen(true);
     }
-  }, [documentUrl]);
+  }, [documentViaUser]);
 
   return (
     <div className="mx-auto w-full max-w-screen-md">
       {/* Dialog for internal document link */}
-      {documentUrl && (
+      {documentViaUser && (
         <Dialog open={isDialogOpen} onOpenChange={setIsDialogOpen}>
           <DialogContent>
             <DialogHeader>
@@ -72,7 +75,11 @@ export const DocumentCertificateQRView = ({
 
             <DialogFooter className="flex flex-row justify-end gap-2">
               <Button asChild>
-                <a href={documentUrl} target="_blank" rel="noopener noreferrer">
+                <a
+                  href={`${formatDocumentsPath(documentTeamUrl)}/${documentViaUser.id}`}
+                  target="_blank"
+                  rel="noopener noreferrer"
+                >
                   <Trans>Go to document</Trans>
                 </a>
               </Button>

apps/remix/app/components/general/document/document-drop-zone-wrapper.tsx

@@ -64,7 +64,7 @@ export const DocumentDropZoneWrapper = ({ children, className }: DocumentDropZon
 
       const response = await putPdfFile(file);
 
-      const { id } = await createDocument({
+      const { legacyDocumentId: id } = await createDocument({
         title: file.name,
         documentDataId: response.id,
         timezone: userTimezone, // Note: When migrating to v2 document upload remember to pass this through as a 'userTimezone' field.

apps/remix/app/components/general/document/document-page-view-button.tsx

@@ -1,7 +1,7 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Document, Recipient, Team, User } from '@prisma/client';
+import type { Recipient, Team, User } from '@prisma/client';
 import { DocumentStatus, RecipientRole, SigningStatus } from '@prisma/client';
 import { CheckCircle, Download, EyeIcon, Pencil } from 'lucide-react';
 import { Link } from 'react-router';
@@ -11,6 +11,7 @@ import { downloadPDF } from '@documenso/lib/client-only/download-pdf';
 import { useSession } from '@documenso/lib/client-only/providers/session';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
+import type { Document } from '@documenso/prisma/types/document-legacy-schema';
 import { trpc as trpcClient } from '@documenso/trpc/client';
 import { Button } from '@documenso/ui/primitives/button';
 import { useToast } from '@documenso/ui/primitives/use-toast';

apps/remix/app/components/general/document/document-page-view-dropdown.tsx

@@ -3,7 +3,7 @@ import { useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Document, Recipient, Team, User } from '@prisma/client';
+import type { Recipient, Team, User } from '@prisma/client';
 import { DocumentStatus } from '@prisma/client';
 import {
   Copy,
@@ -19,6 +19,7 @@ import { Link, useNavigate } from 'react-router';
 
 import { downloadPDF } from '@documenso/lib/client-only/download-pdf';
 import { useSession } from '@documenso/lib/client-only/providers/session';
+import type { TDocument } from '@documenso/lib/types/document';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { trpc as trpcClient } from '@documenso/trpc/client';
@@ -39,7 +40,7 @@ import { DocumentRecipientLinkCopyDialog } from '~/components/general/document/d
 import { useCurrentTeam } from '~/providers/team';
 
 export type DocumentPageViewDropdownProps = {
-  document: Document & {
+  document: TDocument & {
     user: Pick<User, 'id' | 'name' | 'email'>;
     recipients: Recipient[];
     team: Pick<Team, 'id' | 'url'> | null;

apps/remix/app/components/general/document/document-page-view-information.tsx

@@ -3,10 +3,11 @@ import { useMemo } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Document, Recipient, User } from '@prisma/client';
+import type { Recipient, User } from '@prisma/client';
 import { DateTime } from 'luxon';
 
 import { useIsMounted } from '@documenso/lib/client-only/hooks/use-is-mounted';
+import type { Document } from '@documenso/prisma/types/document-legacy-schema';
 
 export type DocumentPageViewInformationProps = {
   userId: number;

apps/remix/app/components/general/document/document-page-view-recipients.tsx

@@ -2,7 +2,7 @@ import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
 import { DocumentStatus, RecipientRole, SigningStatus } from '@prisma/client';
-import type { Document, Recipient } from '@prisma/client';
+import type { Recipient } from '@prisma/client';
 import {
   AlertTriangle,
   CheckIcon,
@@ -19,6 +19,7 @@ import { match } from 'ts-pattern';
 import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { formatSigningLink } from '@documenso/lib/utils/recipients';
+import type { Document } from '@documenso/prisma/types/document-legacy-schema';
 import { CopyTextButton } from '@documenso/ui/components/common/copy-text-button';
 import { SignatureIcon } from '@documenso/ui/icons/signature';
 import { AvatarWithText } from '@documenso/ui/primitives/avatar';

apps/remix/app/components/general/document/document-upload.tsx

@@ -75,7 +75,7 @@ export const DocumentUploadDropzone = ({ className }: DocumentUploadDropzoneProp
 
       const response = await putPdfFile(file);
 
-      const { id } = await createDocument({
+      const { legacyDocumentId: id } = await createDocument({
         title: file.name,
         documentDataId: response.id,
         timezone: userTimezone, // Note: When migrating to v2 document upload remember to pass this through as a 'userTimezone' field.

apps/remix/app/components/general/template/template-drop-zone-wrapper.tsx

@@ -42,7 +42,7 @@ export const TemplateDropZoneWrapper = ({ children, className }: TemplateDropZon
 
       const documentData = await putPdfFile(file);
 
-      const { id } = await createTemplate({
+      const { legacyTemplateId: id } = await createTemplate({
         title: file.name,
         templateDocumentDataId: documentData.id,
         folderId: folderId ?? undefined,

apps/remix/app/components/general/template/template-page-view-information.tsx

@@ -3,10 +3,11 @@ import { useMemo } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Template, User } from '@prisma/client';
+import type { User } from '@prisma/client';
 import { DateTime } from 'luxon';
 
 import { useIsMounted } from '@documenso/lib/client-only/hooks/use-is-mounted';
+import type { Template } from '@documenso/prisma/types/template-legacy-schema';
 
 export type TemplatePageViewInformationProps = {
   userId: number;

apps/remix/app/components/general/template/template-page-view-recipients.tsx

@@ -1,13 +1,14 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Recipient, Template } from '@prisma/client';
+import type { Recipient } from '@prisma/client';
 import { PenIcon, PlusIcon } from 'lucide-react';
 import { Link } from 'react-router';
 
 import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles';
 import { isTemplateRecipientEmailPlaceholder } from '@documenso/lib/constants/template';
 import { extractInitials } from '@documenso/lib/utils/recipient-formatter';
+import type { Template } from '@documenso/prisma/types/template-legacy-schema';
 import { AvatarWithText } from '@documenso/ui/primitives/avatar';
 
 export type TemplatePageViewRecipientsProps = {

apps/remix/app/components/tables/admin-dashboard-users-table.tsx

@@ -2,7 +2,7 @@ import { useEffect, useMemo, useState, useTransition } from 'react';
 
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
-import type { Document, Role, Subscription } from '@prisma/client';
+import type { Role, Subscription } from '@prisma/client';
 import { Edit, Loader } from 'lucide-react';
 import { Link } from 'react-router';
 
@@ -20,7 +20,7 @@ type UserData = {
   email: string;
   roles: Role[];
   subscriptions?: SubscriptionLite[] | null;
-  documents: DocumentLite[];
+  documentCount: number;
 };
 
 type SubscriptionLite = Pick<
@@ -28,8 +28,6 @@ type SubscriptionLite = Pick<
   'id' | 'status' | 'planId' | 'priceId' | 'createdAt' | 'periodEnd'
 >;
 
-type DocumentLite = Pick<Document, 'id'>;
-
 type AdminDashboardUsersTableProps = {
   users: UserData[];
   totalPages: number;
@@ -74,10 +72,7 @@ export const AdminDashboardUsersTable = ({
       },
       {
         header: _(msg`Documents`),
-        accessorKey: 'documents',
+        accessorKey: 'documentCount',
-        cell: ({ row }) => {
-          return <div>{row.original.documents?.length}</div>;
-        },
       },
       {
         header: '',

apps/remix/app/components/tables/settings-public-profile-templates-table.tsx

@@ -3,8 +3,7 @@ import { useMemo, useState } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { TemplateDirectLink } from '@prisma/client';
+import { type TemplateDirectLink, TemplateType } from '@prisma/client';
-import { TemplateType } from '@prisma/client';
 import { EditIcon, FileIcon, LinkIcon, MoreHorizontalIcon, Trash2Icon } from 'lucide-react';
 
 import { useCopyToClipboard } from '@documenso/lib/client-only/hooks/use-copy-to-clipboard';

apps/remix/app/components/tables/templates-table-action-dropdown.tsx

@@ -1,11 +1,12 @@
 import { useState } from 'react';
 
 import { Trans } from '@lingui/react/macro';
-import type { Recipient, Template, TemplateDirectLink } from '@prisma/client';
+import type { Recipient, TemplateDirectLink } from '@prisma/client';
 import { Copy, Edit, FolderIcon, MoreHorizontal, Share2Icon, Trash2, Upload } from 'lucide-react';
 import { Link } from 'react-router';
 
 import { useSession } from '@documenso/lib/client-only/providers/session';
+import type { Template } from '@documenso/prisma/types/template-legacy-schema';
 import {
   DropdownMenu,
   DropdownMenuContent,

apps/remix/app/routes/_authenticated+/admin+/documents.$id.tsx

@@ -1,11 +1,11 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import { SigningStatus } from '@prisma/client';
+import { EnvelopeType, SigningStatus } from '@prisma/client';
 import { DateTime } from 'luxon';
 import { Link, redirect } from 'react-router';
 
-import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
+import { unsafeGetEntireEnvelope } from '@documenso/lib/server-only/admin/get-entire-document';
 import { trpc } from '@documenso/trpc/react';
 import {
   Accordion,
@@ -36,13 +36,19 @@ export async function loader({ params }: Route.LoaderArgs) {
     throw redirect('/admin/documents');
   }
 
-  const document = await getEntireDocument({ id });
+  const envelope = await unsafeGetEntireEnvelope({
+    id: {
+      type: 'documentId',
+      id,
+    },
+    type: EnvelopeType.DOCUMENT,
+  });
 
-  return { document };
+  return { envelope };
 }
 
 export default function AdminDocumentDetailsPage({ loaderData }: Route.ComponentProps) {
-  const { document } = loaderData;
+  const { envelope } = loaderData;
 
   const { _, i18n } = useLingui();
   const { toast } = useToast();
@@ -68,11 +74,11 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
     <div>
       <div className="flex items-start justify-between">
         <div className="flex items-center gap-x-4">
-          <h1 className="text-2xl font-semibold">{document.title}</h1>
+          <h1 className="text-2xl font-semibold">{envelope.title}</h1>
-          <DocumentStatus status={document.status} />
+          <DocumentStatus status={envelope.status} />
         </div>
 
-        {document.deletedAt && (
+        {envelope.deletedAt && (
           <Badge size="large" variant="destructive">
             <Trans>Deleted</Trans>
           </Badge>
@@ -81,11 +87,11 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
 
       <div className="text-muted-foreground mt-4 text-sm">
         <div>
-          <Trans>Created on</Trans>: {i18n.date(document.createdAt, DateTime.DATETIME_MED)}
+          <Trans>Created on</Trans>: {i18n.date(envelope.createdAt, DateTime.DATETIME_MED)}
         </div>
 
         <div>
-          <Trans>Last updated at</Trans>: {i18n.date(document.updatedAt, DateTime.DATETIME_MED)}
+          <Trans>Last updated at</Trans>: {i18n.date(envelope.updatedAt, DateTime.DATETIME_MED)}
         </div>
       </div>
 
@@ -102,12 +108,12 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
               <Button
                 variant="outline"
                 loading={isResealDocumentLoading}
-                disabled={document.recipients.some(
+                disabled={envelope.recipients.some(
                   (recipient) =>
                     recipient.signingStatus !== SigningStatus.SIGNED &&
                     recipient.signingStatus !== SigningStatus.REJECTED,
                 )}
-                onClick={() => resealDocument({ id: document.id })}
+                onClick={() => resealDocument({ id: envelope.id })}
               >
                 <Trans>Reseal document</Trans>
               </Button>
@@ -123,7 +129,7 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
         </TooltipProvider>
 
         <Button variant="outline" asChild>
-          <Link to={`/admin/users/${document.userId}`}>
+          <Link to={`/admin/users/${envelope.userId}`}>
             <Trans>Go to owner</Trans>
           </Link>
         </Button>
@@ -136,7 +142,7 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
 
       <div className="mt-4">
         <Accordion type="multiple" className="space-y-4">
-          {document.recipients.map((recipient) => (
+          {envelope.recipients.map((recipient) => (
             <AccordionItem
               key={recipient.id}
               value={recipient.id.toString()}
@@ -161,7 +167,7 @@ export default function AdminDocumentDetailsPage({ loaderData }: Route.Component
 
       <hr className="my-4" />
 
-      {document && <AdminDocumentDeleteDialog document={document} />}
+      {envelope && <AdminDocumentDeleteDialog envelopeId={envelope.id} />}
     </div>
   );
 }

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id._index.tsx

@@ -12,7 +12,10 @@ import { getTeamByUrl } from '@documenso/lib/server-only/team/get-team';
 import { DocumentVisibility } from '@documenso/lib/types/document-visibility';
 import { logDocumentAccess } from '@documenso/lib/utils/logger';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
-import { DocumentReadOnlyFields } from '@documenso/ui/components/document/document-read-only-fields';
+import {
+  DocumentReadOnlyFields,
+  mapFieldsWithRecipients,
+} from '@documenso/ui/components/document/document-read-only-fields';
 import { Badge } from '@documenso/ui/primitives/badge';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
 import { PDFViewer } from '@documenso/ui/primitives/pdf-viewer';
@@ -54,7 +57,10 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   }
 
   const document = await getDocumentWithDetailsById({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
     userId: user.id,
     teamId: team.id,
   }).catch(() => null);
@@ -171,7 +177,7 @@ export default function DocumentPage() {
 
         {document.status !== DocumentStatus.COMPLETED && (
           <DocumentReadOnlyFields
-            fields={document.fields}
+            fields={mapFieldsWithRecipients(document.fields, recipients)}
             documentMeta={documentMeta || undefined}
             showRecipientTooltip={true}
             showRecipientColors={true}

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.edit.tsx

@@ -42,7 +42,10 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   }
 
   const document = await getDocumentWithDetailsById({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
     userId: user.id,
     teamId: team.id,
   }).catch(() => null);

apps/remix/app/routes/_authenticated+/t.$teamUrl+/documents.$id.logs.tsx

@@ -2,15 +2,16 @@ import type { MessageDescriptor } from '@lingui/core';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import type { Recipient } from '@prisma/client';
+import { EnvelopeType, type Recipient } from '@prisma/client';
 import { ChevronLeft } from 'lucide-react';
 import { DateTime } from 'luxon';
 import { Link, redirect } from 'react-router';
 
 import { getSession } from '@documenso/auth/server/lib/utils/get-session';
-import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
+import { getEnvelopeById } from '@documenso/lib/server-only/envelope/get-envelope-by-id';
 import { getRecipientsForDocument } from '@documenso/lib/server-only/recipient/get-recipients-for-document';
 import { getTeamByUrl } from '@documenso/lib/server-only/team/get-team';
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import { logDocumentAccess } from '@documenso/lib/utils/logger';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
 import { Card } from '@documenso/ui/primitives/card';
@@ -40,13 +41,17 @@ export async function loader({ params, request }: Route.LoaderArgs) {
     throw redirect(documentRootPath);
   }
 
-  const document = await getDocumentById({
+  const envelope = await getEnvelopeById({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
+    type: EnvelopeType.DOCUMENT,
     userId: user.id,
-    teamId: team?.id,
+    teamId: team.id,
   }).catch(() => null);
 
-  if (!document || !document.documentData) {
+  if (!envelope) {
     throw redirect(documentRootPath);
   }
 
@@ -63,7 +68,19 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   });
 
   return {
-    document,
+    // Only return necessary data
+    document: {
+      id: mapSecondaryIdToDocumentId(envelope.secondaryId),
+      title: envelope.title,
+      status: envelope.status,
+      user: {
+        name: envelope.user.name,
+        email: envelope.user.email,
+      },
+      createdAt: envelope.createdAt,
+      updatedAt: envelope.updatedAt,
+      documentMeta: envelope.documentMeta,
+    },
     recipients,
     documentRootPath,
   };

apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.public-profile.tsx

@@ -2,8 +2,7 @@ import { useEffect, useMemo, useState } from 'react';
 
 import { useLingui } from '@lingui/react/macro';
 import { Trans } from '@lingui/react/macro';
-import type { TemplateDirectLink } from '@prisma/client';
+import { type TemplateDirectLink, TemplateType } from '@prisma/client';
-import { TemplateType } from '@prisma/client';
 
 import { getSession } from '@documenso/auth/server/lib/utils/get-session';
 import { useSession } from '@documenso/lib/client-only/providers/session';

apps/remix/app/routes/_internal+/[__htmltopdf]+/audit-log.tsx

@@ -1,14 +1,16 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
+import { EnvelopeType } from '@prisma/client';
 import { DateTime } from 'luxon';
 import { redirect } from 'react-router';
 
 import { DOCUMENT_STATUS } from '@documenso/lib/constants/document';
 import { APP_I18N_OPTIONS, ZSupportedLanguageCodeSchema } from '@documenso/lib/constants/i18n';
 import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles';
-import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
+import { unsafeGetEntireEnvelope } from '@documenso/lib/server-only/admin/get-entire-document';
 import { decryptSecondaryData } from '@documenso/lib/server-only/crypto/decrypt';
 import { findDocumentAuditLogs } from '@documenso/lib/server-only/document/find-document-audit-logs';
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import { getTranslations } from '@documenso/lib/utils/i18n';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
 
@@ -39,20 +41,24 @@ export async function loader({ request }: Route.LoaderArgs) {
 
   const documentId = Number(rawDocumentId);
 
-  const document = await getEntireDocument({
+  const envelope = await unsafeGetEntireEnvelope({
+    id: {
+      type: 'documentId',
       id: documentId,
+    },
+    type: EnvelopeType.DOCUMENT,
   }).catch(() => null);
 
-  if (!document) {
+  if (!envelope) {
     throw redirect('/');
   }
 
-  const documentLanguage = ZSupportedLanguageCodeSchema.parse(document.documentMeta?.language);
+  const documentLanguage = ZSupportedLanguageCodeSchema.parse(envelope.documentMeta?.language);
 
   const { data: auditLogs } = await findDocumentAuditLogs({
     documentId: documentId,
-    userId: document.userId,
+    userId: envelope.userId,
-    teamId: document.teamId,
+    teamId: envelope.teamId,
     perPage: 100_000,
   });
 
@@ -60,7 +66,20 @@ export async function loader({ request }: Route.LoaderArgs) {
 
   return {
     auditLogs,
-    document,
+    document: {
+      id: mapSecondaryIdToDocumentId(envelope.secondaryId),
+      title: envelope.title,
+      status: envelope.status,
+      user: {
+        name: envelope.user.name,
+        email: envelope.user.email,
+      },
+      recipients: envelope.recipients,
+      createdAt: envelope.createdAt,
+      updatedAt: envelope.updatedAt,
+      deletedAt: envelope.deletedAt,
+      documentMeta: envelope.documentMeta,
+    },
     documentLanguage,
     messages,
   };
@@ -90,6 +109,7 @@ export default function AuditLog({ loaderData }: Route.ComponentProps) {
       <Card>
         <CardContent className="grid grid-cols-2 gap-4 p-6 text-sm print:text-xs">
           <p>
+            {/* Todo: Envelopes - Should we should envelope ID instead here? */}
             <span className="font-medium">{_(msg`Document ID`)}</span>
 
             <span className="mt-1 block break-words">{document.id}</span>

apps/remix/app/routes/_internal+/[__htmltopdf]+/certificate.tsx

@@ -1,6 +1,6 @@
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
-import { FieldType, SigningStatus } from '@prisma/client';
+import { EnvelopeType, FieldType, SigningStatus } from '@prisma/client';
 import { DateTime } from 'luxon';
 import { redirect } from 'react-router';
 import { prop, sortBy } from 'remeda';
@@ -14,12 +14,13 @@ import {
   RECIPIENT_ROLES_DESCRIPTION,
   RECIPIENT_ROLE_SIGNING_REASONS,
 } from '@documenso/lib/constants/recipient-roles';
-import { getEntireDocument } from '@documenso/lib/server-only/admin/get-entire-document';
+import { unsafeGetEntireEnvelope } from '@documenso/lib/server-only/admin/get-entire-document';
 import { decryptSecondaryData } from '@documenso/lib/server-only/crypto/decrypt';
 import { getDocumentCertificateAuditLogs } from '@documenso/lib/server-only/document/get-document-certificate-audit-logs';
 import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import { getTranslations } from '@documenso/lib/utils/i18n';
 import { Card, CardContent } from '@documenso/ui/primitives/card';
 import {
@@ -55,26 +56,45 @@ export async function loader({ request }: Route.LoaderArgs) {
 
   const documentId = Number(rawDocumentId);
 
-  const document = await getEntireDocument({
+  const envelope = await unsafeGetEntireEnvelope({
+    id: {
+      type: 'documentId',
       id: documentId,
+    },
+    type: EnvelopeType.DOCUMENT,
   }).catch(() => null);
 
-  if (!document) {
+  if (!envelope) {
     throw redirect('/');
   }
 
-  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: document.teamId });
+  const organisationClaim = await getOrganisationClaimByTeamId({ teamId: envelope.teamId });
 
-  const documentLanguage = ZSupportedLanguageCodeSchema.parse(document.documentMeta?.language);
+  const documentLanguage = ZSupportedLanguageCodeSchema.parse(envelope.documentMeta?.language);
 
   const auditLogs = await getDocumentCertificateAuditLogs({
-    id: documentId,
+    envelopeId: envelope.id,
   });
 
   const messages = await getTranslations(documentLanguage);
 
   return {
-    document,
+    document: {
+      id: mapSecondaryIdToDocumentId(envelope.secondaryId),
+      title: envelope.title,
+      status: envelope.status,
+      user: {
+        name: envelope.user.name,
+        email: envelope.user.email,
+      },
+      qrToken: envelope.qrToken,
+      authOptions: envelope.authOptions,
+      recipients: envelope.recipients,
+      createdAt: envelope.createdAt,
+      updatedAt: envelope.updatedAt,
+      deletedAt: envelope.deletedAt,
+      documentMeta: envelope.documentMeta,
+    },
     hidePoweredBy: organisationClaim.flags.hidePoweredBy,
     documentLanguage,
     auditLogs,

apps/remix/app/routes/_recipient+/sign.$token+/complete.tsx

@@ -3,7 +3,7 @@ import { useEffect } from 'react';
 import { msg } from '@lingui/core/macro';
 import { useLingui } from '@lingui/react';
 import { Trans } from '@lingui/react/macro';
-import { type Document, DocumentStatus, FieldType, RecipientRole } from '@prisma/client';
+import { DocumentStatus, FieldType, RecipientRole } from '@prisma/client';
 import { CheckCircle2, Clock8, FileSearch } from 'lucide-react';
 import { Link, useRevalidator } from 'react-router';
 import { match } from 'ts-pattern';
@@ -19,6 +19,7 @@ import { getRecipientSignatures } from '@documenso/lib/server-only/recipient/get
 import { getUserByEmail } from '@documenso/lib/server-only/user/get-user-by-email';
 import { isDocumentCompleted } from '@documenso/lib/utils/document';
 import { env } from '@documenso/lib/utils/env';
+import type { Document } from '@documenso/prisma/types/document-legacy-schema';
 import DocumentDialog from '@documenso/ui/components/document/document-dialog';
 import { DocumentDownloadButton } from '@documenso/ui/components/document/document-download-button';
 import { DocumentShareButton } from '@documenso/ui/components/document/document-share-button';

apps/remix/app/routes/_recipient+/sign.$token+/waiting.tsx

@@ -1,11 +1,11 @@
 import { Trans } from '@lingui/react/macro';
 import type { Team } from '@prisma/client';
-import { DocumentStatus } from '@prisma/client';
+import { DocumentStatus, EnvelopeType } from '@prisma/client';
 import { Link, redirect } from 'react-router';
 
 import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
-import { getDocumentById } from '@documenso/lib/server-only/document/get-document-by-id';
 import { getDocumentAndSenderByToken } from '@documenso/lib/server-only/document/get-document-by-token';
+import { getEnvelopeById } from '@documenso/lib/server-only/envelope/get-envelope-by-id';
 import { getRecipientByToken } from '@documenso/lib/server-only/recipient/get-recipient-by-token';
 import { getTeamById } from '@documenso/lib/server-only/team/get-team';
 import { formatDocumentsPath } from '@documenso/lib/utils/teams';
@@ -40,12 +40,16 @@ export async function loader({ params, request }: Route.LoaderArgs) {
   let team: Team | null = null;
 
   if (user) {
-    isOwnerOrTeamMember = await getDocumentById({
+    isOwnerOrTeamMember = await getEnvelopeById({
-      documentId: document.id,
+      id: {
+        type: 'documentId',
+        id: document.id,
+      },
+      type: EnvelopeType.DOCUMENT,
       userId: user.id,
       teamId: document.teamId ?? undefined,
     })
-      .then((document) => !!document)
+      .then((envelope) => !!envelope)
       .catch(() => false);
 
     if (document.teamId) {

apps/remix/app/routes/_share+/share.$slug.tsx

@@ -81,9 +81,9 @@ export default function SharePage() {
       <DocumentCertificateQRView
         documentId={document.id}
         title={document.title}
-        documentData={document.documentData}
+        documentTeamUrl={document.documentTeamUrl}
-        password={document.documentMeta?.password}
+        documentData={document.documentData} // Todo: Envelopes
-        recipientCount={document.recipients?.length ?? 0}
+        recipientCount={document.recipientCount}
         completedDate={document.completedAt ?? undefined}
       />
     );

apps/remix/app/routes/embed+/v1+/authoring+/document.edit.$id.tsx

@@ -54,7 +54,10 @@ export const loader = async ({ request, params }: Route.LoaderArgs) => {
   }
 
   const document = await getDocumentWithDetailsById({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
     userId: result?.userId,
     teamId: result?.teamId ?? undefined,
   }).catch(() => null);

apps/remix/server/redirects.ts

@@ -1,6 +1,11 @@
+import { EnvelopeType } from '@prisma/client';
 import type { Context } from 'hono';
 
 import { getSession } from '@documenso/auth/server/lib/utils/get-session';
+import {
+  mapDocumentIdToSecondaryId,
+  mapTemplateIdToSecondaryId,
+} from '@documenso/lib/utils/envelope';
 import { buildTeamWhereQuery } from '@documenso/lib/utils/teams';
 import { prisma } from '@documenso/prisma';
 
@@ -104,9 +109,10 @@ async function hasAccessToDocument(c: Context, documentId: number): Promise<stri
 
   const userId = session.user.id;
 
-  const document = await prisma.document.findUnique({
+  const envelope = await prisma.envelope.findUnique({
     where: {
-      id: documentId,
+      type: EnvelopeType.DOCUMENT,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
       team: buildTeamWhereQuery({
         userId,
         teamId: undefined,
@@ -121,7 +127,7 @@ async function hasAccessToDocument(c: Context, documentId: number): Promise<stri
     },
   });
 
-  return document ? document.team.url : null;
+  return envelope ? envelope.team.url : null;
 }
 
 async function hasAccessToFolder(c: Context, folderId: string): Promise<string | null> {
@@ -154,9 +160,10 @@ async function hasAccessToTemplate(c: Context, templateId: number): Promise<stri
 
   const userId = session.user.id;
 
-  const template = await prisma.template.findUnique({
+  const envelope = await prisma.envelope.findUnique({
     where: {
-      id: templateId,
+      type: EnvelopeType.TEMPLATE,
+      secondaryId: mapTemplateIdToSecondaryId(templateId),
       team: buildTeamWhereQuery({
         userId,
         teamId: undefined,
@@ -171,5 +178,5 @@ async function hasAccessToTemplate(c: Context, templateId: number): Promise<stri
     },
   });
 
-  return template ? template.team.url : null;
+  return envelope ? envelope.team.url : null;
 }

packages/api/v1/schema.ts

@@ -8,8 +8,8 @@ import {
   RecipientRole,
   SendStatus,
   SigningStatus,
-  TemplateType,
 } from '@prisma/client';
+import { TemplateType } from '@prisma/client';
 import { z } from 'zod';
 
 import { DATE_FORMATS, DEFAULT_DOCUMENT_DATE_FORMAT } from '@documenso/lib/constants/date-formats';
@@ -49,7 +49,6 @@ export const ZSuccessfulDocumentResponseSchema = z.object({
   teamId: z.number().nullish(),
   title: z.string(),
   status: z.string(),
-  documentDataId: z.string(),
   createdAt: z.date(),
   updatedAt: z.date(),
   completedAt: z.date().nullable(),
@@ -545,7 +544,6 @@ export const ZTemplateSchema = z.object({
   title: z.string(),
   userId: z.number(),
   teamId: z.number().nullish(),
-  templateDocumentDataId: z.string(),
   createdAt: z.date(),
   updatedAt: z.date(),
 });

packages/app-tests/e2e/api/v1/document-sending.spec.ts

@@ -2,6 +2,7 @@ import { expect, test } from '@playwright/test';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import { seedPendingDocumentWithFullFields } from '@documenso/prisma/seed/documents';
 import { seedUser } from '@documenso/prisma/seed/users';
@@ -25,7 +26,7 @@ test.describe('Document API', () => {
 
     // Test with sendCompletionEmails: false
     const response = await request.post(
-      `${NEXT_PUBLIC_WEBAPP_URL()}/api/v1/documents/${document.id}/send`,
+      `${NEXT_PUBLIC_WEBAPP_URL()}/api/v1/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/send`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -41,7 +42,7 @@ test.describe('Document API', () => {
     expect(response.status()).toBe(200);
 
     // Verify email settings were updated
-    const updatedDocument = await prisma.document.findUnique({
+    const updatedDocument = await prisma.envelope.findUnique({
       where: { id: document.id },
       include: { documentMeta: true },
     });
@@ -53,7 +54,7 @@ test.describe('Document API', () => {
 
     // Test with sendCompletionEmails: true
     const response2 = await request.post(
-      `${NEXT_PUBLIC_WEBAPP_URL()}/api/v1/documents/${document.id}/send`,
+      `${NEXT_PUBLIC_WEBAPP_URL()}/api/v1/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/send`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -69,7 +70,7 @@ test.describe('Document API', () => {
     expect(response2.status()).toBe(200);
 
     // Verify email settings were updated
-    const updatedDocument2 = await prisma.document.findUnique({
+    const updatedDocument2 = await prisma.envelope.findUnique({
       where: { id: document.id },
       include: { documentMeta: true },
     });
@@ -93,16 +94,16 @@ test.describe('Document API', () => {
 
     // Set initial email settings
     await prisma.documentMeta.upsert({
-      where: { documentId: document.id },
+      where: { id: document.documentMetaId },
       create: {
-        documentId: document.id,
+        id: document.documentMetaId,
         emailSettings: {
           documentCompleted: true,
           ownerDocumentCompleted: false,
         },
       },
       update: {
-        documentId: document.id,
+        id: document.documentMetaId,
         emailSettings: {
           documentCompleted: true,
           ownerDocumentCompleted: false,
@@ -118,7 +119,7 @@ test.describe('Document API', () => {
     });
 
     const response = await request.post(
-      `${NEXT_PUBLIC_WEBAPP_URL()}/api/v1/documents/${document.id}/send`,
+      `${NEXT_PUBLIC_WEBAPP_URL()}/api/v1/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/send`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -134,7 +135,7 @@ test.describe('Document API', () => {
     expect(response.status()).toBe(200);
 
     // Verify email settings were not modified
-    const updatedDocument = await prisma.document.findUnique({
+    const updatedDocument = await prisma.envelope.findUnique({
       where: { id: document.id },
       include: { documentMeta: true },
     });

packages/app-tests/e2e/api/v1/template-field-prefill.spec.ts

@@ -3,6 +3,11 @@ import { expect, test } from '@playwright/test';
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
 import type { TCheckboxFieldMeta, TRadioFieldMeta } from '@documenso/lib/types/field-meta';
+import {
+  mapDocumentIdToSecondaryId,
+  mapSecondaryIdToDocumentId,
+  mapSecondaryIdToTemplateId,
+} from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import { FieldType, RecipientRole } from '@documenso/prisma/client';
 import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
@@ -35,10 +40,12 @@ test.describe('Template Field Prefill API v1', () => {
       },
     });
 
+    const firstEnvelopeItem = template.envelopeItems[0];
+
     // 4. Create a recipient for the template
     const recipient = await prisma.recipient.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
         email: 'recipient@example.com',
         name: 'Test Recipient',
         role: RecipientRole.SIGNER,
@@ -53,7 +60,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add TEXT field
     const textField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.TEXT,
         page: 1,
@@ -73,7 +81,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add NUMBER field
     const numberField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.NUMBER,
         page: 1,
@@ -93,7 +102,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add RADIO field
     const radioField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.RADIO,
         page: 1,
@@ -117,7 +127,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add CHECKBOX field
     const checkboxField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.CHECKBOX,
         page: 1,
@@ -141,7 +152,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add DROPDOWN field
     const dropdownField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.DROPDOWN,
         page: 1,
@@ -166,11 +178,13 @@ test.describe('Template Field Prefill API v1', () => {
     });
 
     // 7. Navigate to the template
-    await page.goto(`${WEBAPP_BASE_URL}/templates/${template.id}`);
+    await page.goto(
+      `${WEBAPP_BASE_URL}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
+    );
 
     // 8. Create a document from the template with prefilled fields
     const response = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/templates/${template.id}/generate-document`,
+      `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/generate-document`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -229,9 +243,9 @@ test.describe('Template Field Prefill API v1', () => {
     expect(responseData.documentId).toBeDefined();
 
     // 9. Verify the document was created with prefilled fields
-    const document = await prisma.document.findUnique({
+    const document = await prisma.envelope.findUnique({
       where: {
-        id: responseData.documentId,
+        secondaryId: mapDocumentIdToSecondaryId(responseData.documentId),
       },
       include: {
         fields: true,
@@ -240,6 +254,10 @@ test.describe('Template Field Prefill API v1', () => {
 
     expect(document).not.toBeNull();
 
+    if (!document) {
+      throw new Error('Document not found');
+    }
+
     // 10. Verify each field has the correct prefilled values
     const documentTextField = document?.fields.find(
       (field) => field.type === FieldType.TEXT && field.fieldMeta?.type === 'text',
@@ -297,14 +315,14 @@ test.describe('Template Field Prefill API v1', () => {
     // 11. Sign in as the recipient and verify the prefilled fields are visible
     const documentRecipient = await prisma.recipient.findFirst({
       where: {
-        documentId: document?.id,
+        envelopeId: document?.id,
         email: 'recipient@example.com',
       },
     });
 
     // Send the document to the recipient
     const sendResponse = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${document?.id}/send`,
+      `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/send`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -367,10 +385,12 @@ test.describe('Template Field Prefill API v1', () => {
       },
     });
 
+    const firstEnvelopeItem = template.envelopeItems[0];
+
     // 4. Create a recipient for the template
     const recipient = await prisma.recipient.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
         email: 'recipient@example.com',
         name: 'Test Recipient',
         role: RecipientRole.SIGNER,
@@ -385,7 +405,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add TEXT field
     await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.TEXT,
         page: 1,
@@ -405,7 +426,8 @@ test.describe('Template Field Prefill API v1', () => {
     // Add NUMBER field
     await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.NUMBER,
         page: 1,
@@ -429,11 +451,13 @@ test.describe('Template Field Prefill API v1', () => {
     });
 
     // 7. Navigate to the template
-    await page.goto(`${WEBAPP_BASE_URL}/templates/${template.id}`);
+    await page.goto(
+      `${WEBAPP_BASE_URL}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
+    );
 
     // 8. Create a document from the template without prefilled fields
     const response = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/templates/${template.id}/generate-document`,
+      `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/generate-document`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -461,9 +485,9 @@ test.describe('Template Field Prefill API v1', () => {
     expect(responseData.documentId).toBeDefined();
 
     // 9. Verify the document was created with default fields
-    const document = await prisma.document.findUnique({
+    const document = await prisma.envelope.findUnique({
       where: {
-        id: responseData.documentId,
+        secondaryId: mapDocumentIdToSecondaryId(responseData.documentId),
       },
       include: {
         fields: true,
@@ -472,6 +496,10 @@ test.describe('Template Field Prefill API v1', () => {
 
     expect(document).not.toBeNull();
 
+    if (!document) {
+      throw new Error('Document not found');
+    }
+
     // 10. Verify fields have their default values
     const documentTextField = document?.fields.find((field) => field.type === FieldType.TEXT);
     expect(documentTextField?.fieldMeta).toMatchObject({
@@ -488,7 +516,7 @@ test.describe('Template Field Prefill API v1', () => {
     // 11. Sign in as the recipient and verify the default fields are visible
     const documentRecipient = await prisma.recipient.findFirst({
       where: {
-        documentId: document?.id,
+        envelopeId: document?.id,
         email: 'recipient@example.com',
       },
     });
@@ -496,7 +524,7 @@ test.describe('Template Field Prefill API v1', () => {
     expect(documentRecipient).not.toBeNull();
 
     const sendResponse = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${document?.id}/send`,
+      `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/send`,
       {
         headers: {
           Authorization: `Bearer ${token}`,
@@ -539,10 +567,12 @@ test.describe('Template Field Prefill API v1', () => {
       },
     });
 
+    const firstEnvelopeItem = template.envelopeItems[0];
+
     // 4. Create a recipient for the template
     const recipient = await prisma.recipient.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
         email: 'recipient@example.com',
         name: 'Test Recipient',
         role: RecipientRole.SIGNER,
@@ -556,7 +586,8 @@ test.describe('Template Field Prefill API v1', () => {
     // 5. Add a field to the template
     const field = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.RADIO,
         page: 1,
@@ -579,7 +610,7 @@ test.describe('Template Field Prefill API v1', () => {
 
     // 6. Try to create a document with invalid prefill value
     const response = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/templates/${template.id}/generate-document`,
+      `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/generate-document`,
       {
         headers: {
           Authorization: `Bearer ${token}`,

packages/app-tests/e2e/api/v1/test-unauthorized-api-access.spec.ts

@@ -2,6 +2,10 @@ import { expect, test } from '@playwright/test';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import {
+  mapSecondaryIdToDocumentId,
+  mapSecondaryIdToTemplateId,
+} from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import { FieldType } from '@documenso/prisma/client';
 import {
@@ -10,7 +14,7 @@ import {
   seedDraftDocument,
   seedPendingDocumentWithFullFields,
 } from '@documenso/prisma/seed/documents';
-import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
+import { seedBlankTemplate, seedTemplate } from '@documenso/prisma/seed/templates';
 import { seedUser } from '@documenso/prisma/seed/users';
 
 const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
@@ -20,6 +24,7 @@ test.describe.configure({
 });
 
 test.describe('Document Access API V1', () => {
+  test.describe('Document GET endpoint', () => {
     test('should block unauthorized access to documents not owned by the user', async ({
       request,
     }) => {
@@ -36,14 +41,42 @@ test.describe('Document Access API V1', () => {
       const documentA = await seedBlankDocument(userA, teamA.id);
 
       // User B cannot access User A's document
-    const resB = await request.get(`${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}`, {
+      const resB = await request.get(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(404);
     });
 
+    test('should allow authorized access to documents owned by the user', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const documentA = await seedBlankDocument(userA, teamA.id);
+
+      // User A can access their own document
+      const resA = await request.get(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document download endpoint', () => {
     test('should block unauthorized access to document download endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -59,14 +92,52 @@ test.describe('Document Access API V1', () => {
         createDocumentOptions: { title: 'Document 1 - Completed' },
       });
 
-    const resB = await request.get(`${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/download`, {
+      const resB = await request.get(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/download`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
-    });
+        },
+      );
+
+      const res = await resB.json();
 
       expect(resB.ok()).toBeFalsy();
-    expect(resB.status()).toBe(500);
+      expect(resB.status()).toBe(404);
     });
 
+    test('should allow authorized access to document download endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const documentA = await seedCompletedDocument(userA, teamA.id, ['test@example.com'], {
+        createDocumentOptions: { title: 'Document 1 - Completed' },
+      });
+
+      const resA = await request.get(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/download`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+        },
+      );
+
+      const res = await resA.json();
+
+      if (res.message === 'Document downloads are only available when S3 storage is configured.') {
+        expect(resA.ok()).toBeFalsy();
+        expect(resA.status()).toBe(500);
+      } else {
+        expect(resA.ok()).toBeTruthy();
+        expect(resA.status()).toBe(200);
+      }
+    });
+  });
+
+  test.describe('Document delete endpoint', () => {
     test('should block unauthorized access to document delete endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -80,14 +151,41 @@ test.describe('Document Access API V1', () => {
 
       const documentA = await seedBlankDocument(userA, teamA.id);
 
-    const resB = await request.delete(`${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}`, {
+      const resB = await request.delete(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(404);
     });
 
+    test('should allow authorized access to document delete endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const documentA = await seedBlankDocument(userA, teamA.id);
+
+      const resA = await request.delete(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document send endpoint', () => {
     test('should block unauthorized access to document send endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -105,15 +203,47 @@ test.describe('Document Access API V1', () => {
         teamId: teamA.id,
       });
 
-    const resB = await request.post(`${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/send`, {
+      const resB = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/send`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {},
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(500);
     });
 
+    test('should allow authorized access to document send endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { document: documentA } = await seedPendingDocumentWithFullFields({
+        owner: userA,
+        recipients: ['test@example.com'],
+        teamId: teamA.id,
+      });
+
+      const resA = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/send`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {},
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document resend endpoint', () => {
     test('should block unauthorized access to document resend endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -133,18 +263,56 @@ test.describe('Document Access API V1', () => {
         teamId: teamA.id,
       });
 
-    const resB = await request.post(`${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/resend`, {
+      const resB = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/resend`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {
             recipients: [recipients[0].id],
           },
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(500);
     });
 
-  test('should block unauthorized access to document recipients endpoint', async ({ request }) => {
+    test('should allow authorized access to document resend endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { user: recipientUser } = await seedUser();
+
+      const { document: documentA, recipients } = await seedPendingDocumentWithFullFields({
+        owner: userA,
+        recipients: [recipientUser.email],
+        teamId: teamA.id,
+      });
+
+      const resA = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/resend`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {
+            recipients: [recipients[0].id],
+          },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document recipients POST endpoint', () => {
+    test('should block unauthorized access to document recipients endpoint', async ({
+      request,
+    }) => {
       const { user: userA, team: teamA } = await seedUser();
 
       const { user: userB, team: teamB } = await seedUser();
@@ -158,7 +326,7 @@ test.describe('Document Access API V1', () => {
       const documentA = await seedBlankDocument(userA, teamA.id);
 
       const resB = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/recipients`,
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/recipients`,
         {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: { name: 'Test', email: 'test@example.com' },
@@ -169,7 +337,34 @@ test.describe('Document Access API V1', () => {
       expect(resB.status()).toBe(401);
     });
 
-  test('should block unauthorized access to PATCH on recipients endpoint', async ({ request }) => {
+    test('should allow authorized access to document recipients endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const documentA = await seedBlankDocument(userA, teamA.id);
+
+      const resA = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/recipients`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: { name: 'Test', email: 'test@example.com' },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document recipients PATCH endpoint', () => {
+    test('should block unauthorized access to PATCH on recipients endpoint', async ({
+      request,
+    }) => {
       const { user: userA, team: teamA } = await seedUser();
 
       const { user: userB, team: teamB } = await seedUser();
@@ -186,13 +381,13 @@ test.describe('Document Access API V1', () => {
 
       const recipient = await prisma.recipient.findFirst({
         where: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
           email: userRecipient.email,
         },
       });
 
       const patchRes = await request.patch(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/recipients/${recipient!.id}`,
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/recipients/${recipient!.id}`,
         {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {
@@ -212,7 +407,52 @@ test.describe('Document Access API V1', () => {
       expect(patchRes.status()).toBe(401);
     });
 
-  test('should block unauthorized access to DELETE on recipients endpoint', async ({ request }) => {
+    test('should allow authorized access to PATCH on recipients endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { user: userRecipient } = await seedUser();
+
+      const documentA = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
+
+      const recipient = await prisma.recipient.findFirst({
+        where: {
+          envelopeId: documentA.id,
+          email: userRecipient.email,
+        },
+      });
+
+      const patchRes = await request.patch(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/recipients/${recipient!.id}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {
+            name: 'New Name',
+            email: 'new@example.com',
+            role: 'SIGNER',
+            signingOrder: null,
+            authOptions: {
+              accessAuth: [],
+              actionAuth: [],
+            },
+          },
+        },
+      );
+
+      expect(patchRes.ok()).toBeTruthy();
+      expect(patchRes.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document recipients DELETE endpoint', () => {
+    test('should block unauthorized access to DELETE on recipients endpoint', async ({
+      request,
+    }) => {
       const { user: userA, team: teamA } = await seedUser();
 
       const { user: userB, team: teamB } = await seedUser();
@@ -229,13 +469,13 @@ test.describe('Document Access API V1', () => {
 
       const recipient = await prisma.recipient.findFirst({
         where: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
           email: userRecipient.email,
         },
       });
 
       const deleteRes = await request.delete(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/recipients/${recipient!.id}`,
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/recipients/${recipient!.id}`,
         {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {},
@@ -246,6 +486,40 @@ test.describe('Document Access API V1', () => {
       expect(deleteRes.status()).toBe(401);
     });
 
+    test('should allow authorized access to DELETE on recipients endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { user: userRecipient } = await seedUser();
+
+      const documentA = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
+
+      const recipient = await prisma.recipient.findFirst({
+        where: {
+          envelopeId: documentA.id,
+          email: userRecipient.email,
+        },
+      });
+
+      const deleteRes = await request.delete(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/recipients/${recipient!.id}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {},
+        },
+      );
+
+      expect(deleteRes.ok()).toBeTruthy();
+      expect(deleteRes.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document fields POST endpoint', () => {
     test('should block unauthorized access to document fields endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -263,12 +537,14 @@ test.describe('Document Access API V1', () => {
 
       const documentRecipient = await prisma.recipient.findFirst({
         where: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
           email: recipientUser.email,
         },
       });
 
-    const resB = await request.post(`${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/fields`, {
+      const resB = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/fields`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {
             recipientId: documentRecipient!.id,
@@ -279,12 +555,55 @@ test.describe('Document Access API V1', () => {
             pageWidth: 1,
             pageHeight: 1,
           },
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(404);
     });
 
+    test('should allow authorized access to document fields endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { user: recipientUser } = await seedUser();
+
+      const documentA = await seedDraftDocument(userA, teamA.id, [recipientUser.email]);
+
+      const documentRecipient = await prisma.recipient.findFirst({
+        where: {
+          envelopeId: documentA.id,
+          email: recipientUser.email,
+        },
+      });
+
+      const resA = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/fields`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {
+            recipientId: documentRecipient!.id,
+            type: 'SIGNATURE',
+            pageNumber: 1,
+            pageX: 1,
+            pageY: 1,
+            pageWidth: 1,
+            pageHeight: 1,
+          },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Template GET endpoint', () => {
     test('should block unauthorized access to template get endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -298,14 +617,41 @@ test.describe('Document Access API V1', () => {
 
       const templateA = await seedBlankTemplate(userA, teamA.id);
 
-    const resB = await request.get(`${WEBAPP_BASE_URL}/api/v1/templates/${templateA.id}`, {
+      const resB = await request.get(
+        `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(templateA.secondaryId)}`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(404);
     });
 
+    test('should allow authorized access to template get endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const templateA = await seedBlankTemplate(userA, teamA.id);
+
+      const resA = await request.get(
+        `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(templateA.secondaryId)}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Template DELETE endpoint', () => {
     test('should block unauthorized access to template delete endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -319,14 +665,41 @@ test.describe('Document Access API V1', () => {
 
       const templateA = await seedBlankTemplate(userA, teamA.id);
 
-    const resB = await request.delete(`${WEBAPP_BASE_URL}/api/v1/templates/${templateA.id}`, {
+      const resB = await request.delete(
+        `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(templateA.secondaryId)}`,
+        {
           headers: { Authorization: `Bearer ${tokenB}` },
-    });
+        },
+      );
 
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(404);
     });
 
+    test('should allow authorized access to template delete endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const templateA = await seedBlankTemplate(userA, teamA.id);
+
+      const resA = await request.delete(
+        `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(templateA.secondaryId)}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document fields PATCH endpoint', () => {
     test('should block unauthorized access to PATCH on fields endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -341,16 +714,19 @@ test.describe('Document Access API V1', () => {
       const { user: userRecipient } = await seedUser();
       const documentA = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
 
+      const firstEnvelopeItem = documentA.envelopeItems[0];
+
       const recipient = await prisma.recipient.findFirst({
         where: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
           email: userRecipient.email,
         },
       });
 
       const field = await prisma.field.create({
         data: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
+          envelopeItemId: firstEnvelopeItem.id,
           recipientId: recipient!.id,
           type: FieldType.TEXT,
           page: 1,
@@ -368,7 +744,7 @@ test.describe('Document Access API V1', () => {
       });
 
       const patchRes = await request.patch(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/fields/${field.id}`,
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/fields/${field.id}`,
         {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {
@@ -390,6 +766,72 @@ test.describe('Document Access API V1', () => {
       expect(patchRes.status()).toBe(401);
     });
 
+    test('should allow authorized access to PATCH on fields endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { user: userRecipient } = await seedUser();
+      const documentA = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
+
+      const firstEnvelopeItem = documentA.envelopeItems[0];
+
+      const recipient = await prisma.recipient.findFirst({
+        where: {
+          envelopeId: documentA.id,
+          email: userRecipient.email,
+        },
+      });
+
+      const field = await prisma.field.create({
+        data: {
+          envelopeId: documentA.id,
+          envelopeItemId: firstEnvelopeItem.id,
+          recipientId: recipient!.id,
+          type: FieldType.TEXT,
+          page: 1,
+          positionX: 5,
+          positionY: 5,
+          width: 10,
+          height: 5,
+          customText: '',
+          inserted: false,
+          fieldMeta: {
+            type: 'text',
+            label: 'Default Text Field',
+          },
+        },
+      });
+
+      const patchRes = await request.patch(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/fields/${field.id}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {
+            recipientId: recipient!.id,
+            type: FieldType.TEXT,
+            pageNumber: 1,
+            pageX: 99,
+            pageY: 99,
+            pageWidth: 99,
+            pageHeight: 99,
+            fieldMeta: {
+              type: 'text',
+              label: 'My new field',
+            },
+          },
+        },
+      );
+      expect(patchRes.ok()).toBeTruthy();
+      expect(patchRes.status()).toBe(200);
+    });
+  });
+
+  test.describe('Document fields DELETE endpoint', () => {
     test('should block unauthorized access to DELETE on fields endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -404,16 +846,19 @@ test.describe('Document Access API V1', () => {
       const { user: userRecipient } = await seedUser();
       const documentA = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
 
+      const firstEnvelopeItem = documentA.envelopeItems[0];
+
       const recipient = await prisma.recipient.findFirst({
         where: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
           email: userRecipient.email,
         },
       });
 
       const field = await prisma.field.create({
         data: {
-        documentId: documentA.id,
+          envelopeId: documentA.id,
+          envelopeItemId: firstEnvelopeItem.id,
           recipientId: recipient!.id,
           type: FieldType.NUMBER,
           page: 1,
@@ -431,7 +876,7 @@ test.describe('Document Access API V1', () => {
       });
 
       const deleteRes = await request.delete(
-      `${WEBAPP_BASE_URL}/api/v1/documents/${documentA.id}/fields/${field.id}`,
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/fields/${field.id}`,
         {
           headers: { Authorization: `Bearer ${tokenB}` },
           data: {},
@@ -442,6 +887,61 @@ test.describe('Document Access API V1', () => {
       expect(deleteRes.status()).toBe(401);
     });
 
+    test('should allow authorized access to DELETE on fields endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const { user: userRecipient } = await seedUser();
+      const documentA = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
+
+      const firstEnvelopeItem = documentA.envelopeItems[0];
+
+      const recipient = await prisma.recipient.findFirst({
+        where: {
+          envelopeId: documentA.id,
+          email: userRecipient.email,
+        },
+      });
+
+      const field = await prisma.field.create({
+        data: {
+          envelopeId: documentA.id,
+          envelopeItemId: firstEnvelopeItem.id,
+          recipientId: recipient!.id,
+          type: FieldType.NUMBER,
+          page: 1,
+          positionX: 5,
+          positionY: 5,
+          width: 10,
+          height: 5,
+          customText: '',
+          inserted: false,
+          fieldMeta: {
+            type: 'number',
+            label: 'Default Number Field',
+          },
+        },
+      });
+
+      const deleteRes = await request.delete(
+        `${WEBAPP_BASE_URL}/api/v1/documents/${mapSecondaryIdToDocumentId(documentA.secondaryId)}/fields/${field.id}`,
+        {
+          headers: { Authorization: `Bearer ${tokenA}` },
+          data: {},
+        },
+      );
+
+      expect(deleteRes.ok()).toBeTruthy();
+      expect(deleteRes.status()).toBe(200);
+    });
+  });
+
+  test.describe('Documents list endpoint', () => {
     test('should block unauthorized access to documents list endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -470,6 +970,33 @@ test.describe('Document Access API V1', () => {
       expect(reqData.totalPages).toBe(0);
     });
 
+    test('should allow authorized access to documents list endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      await seedBlankDocument(userA, teamA.id);
+
+      const resA = await request.get(`${WEBAPP_BASE_URL}/api/v1/documents`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+      });
+
+      const reqData = await resA.json();
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+      expect(reqData.documents.length).toBeGreaterThan(0);
+      expect(reqData.documents.every((doc: { userId: number }) => doc.userId === userA.id)).toBe(
+        true,
+      );
+    });
+  });
+
+  test.describe('Templates list endpoint', () => {
     test('should block unauthorized access to templates list endpoint', async ({ request }) => {
       const { user: userA, team: teamA } = await seedUser();
 
@@ -498,6 +1025,33 @@ test.describe('Document Access API V1', () => {
       expect(reqData.totalPages).toBe(0);
     });
 
+    test('should allow authorized access to templates list endpoint', async ({ request }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      await seedBlankTemplate(userA, teamA.id);
+
+      const resA = await request.get(`${WEBAPP_BASE_URL}/api/v1/templates`, {
+        headers: { Authorization: `Bearer ${tokenA}` },
+      });
+
+      const reqData = await resA.json();
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+      expect(reqData.templates.length).toBeGreaterThan(0);
+      expect(reqData.templates.every((tpl: { userId: number }) => tpl.userId === userA.id)).toBe(
+        true,
+      );
+    });
+  });
+
+  test.describe('Create document from template endpoint', () => {
     test('should block unauthorized access to create-document-from-template endpoint', async ({
       request,
     }) => {
@@ -511,10 +1065,13 @@ test.describe('Document Access API V1', () => {
         expiresIn: null,
       });
 
-    const templateA = await seedBlankTemplate(userA, teamA.id);
+      const templateA = await seedTemplate({
+        teamId: teamA.id,
+        userId: userA.id,
+      });
 
       const resB = await request.post(
-      `${WEBAPP_BASE_URL}/api/v1/templates/${templateA.id}/create-document`,
+        `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(templateA.secondaryId)}/create-document`,
         {
           headers: {
             Authorization: `Bearer ${tokenB}`,
@@ -537,4 +1094,46 @@ test.describe('Document Access API V1', () => {
       expect(resB.ok()).toBeFalsy();
       expect(resB.status()).toBe(401);
     });
+
+    test('should allow authorized access to create-document-from-template endpoint', async ({
+      request,
+    }) => {
+      const { user: userA, team: teamA } = await seedUser();
+      const { token: tokenA } = await createApiToken({
+        userId: userA.id,
+        teamId: teamA.id,
+        tokenName: 'userA',
+        expiresIn: null,
+      });
+
+      const templateA = await seedTemplate({
+        teamId: teamA.id,
+        userId: userA.id,
+      });
+
+      const resA = await request.post(
+        `${WEBAPP_BASE_URL}/api/v1/templates/${mapSecondaryIdToTemplateId(templateA.secondaryId)}/create-document`,
+        {
+          headers: {
+            Authorization: `Bearer ${tokenA}`,
+            'Content-Type': 'application/json',
+          },
+          data: {
+            title: 'Should work',
+            recipients: [{ name: 'Test user', email: 'test@example.com' }],
+            meta: {
+              subject: 'Test',
+              message: 'Test',
+              timezone: 'UTC',
+              dateFormat: 'yyyy-MM-dd',
+              redirectUrl: 'https://example.com',
+            },
+          },
+        },
+      );
+
+      expect(resA.ok()).toBeTruthy();
+      expect(resA.status()).toBe(200);
+    });
+  });
 });

packages/app-tests/e2e/api/v2/template-field-prefill.spec.ts

@@ -3,6 +3,11 @@ import { expect, test } from '@playwright/test';
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
 import type { TCheckboxFieldMeta, TRadioFieldMeta } from '@documenso/lib/types/field-meta';
+import {
+  mapDocumentIdToSecondaryId,
+  mapSecondaryIdToDocumentId,
+  mapSecondaryIdToTemplateId,
+} from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import { FieldType, RecipientRole } from '@documenso/prisma/client';
 import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
@@ -35,10 +40,12 @@ test.describe('Template Field Prefill API v2', () => {
       },
     });
 
+    const firstEnvelopeItem = template.envelopeItems[0];
+
     // 4. Create a recipient for the template
     const recipient = await prisma.recipient.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
         email: 'recipient@example.com',
         name: 'Test Recipient',
         role: RecipientRole.SIGNER,
@@ -53,7 +60,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add TEXT field
     const textField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.TEXT,
         page: 1,
@@ -73,7 +81,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add NUMBER field
     const numberField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.NUMBER,
         page: 1,
@@ -93,7 +102,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add RADIO field
     const radioField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.RADIO,
         page: 1,
@@ -117,7 +127,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add CHECKBOX field
     const checkboxField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.CHECKBOX,
         page: 1,
@@ -141,7 +152,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add DROPDOWN field
     const dropdownField = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.DROPDOWN,
         page: 1,
@@ -166,7 +178,9 @@ test.describe('Template Field Prefill API v2', () => {
     });
 
     // 7. Navigate to the template
-    await page.goto(`${WEBAPP_BASE_URL}/templates/${template.id}`);
+    await page.goto(
+      `${WEBAPP_BASE_URL}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
+    );
 
     // 8. Create a document from the template with prefilled fields using v2 API
     const response = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/use`, {
@@ -175,7 +189,7 @@ test.describe('Template Field Prefill API v2', () => {
         'Content-Type': 'application/json',
       },
       data: {
-        templateId: template.id,
+        templateId: mapSecondaryIdToTemplateId(template.secondaryId),
         recipients: [
           {
             id: recipient.id,
@@ -226,9 +240,9 @@ test.describe('Template Field Prefill API v2', () => {
     expect(responseData.id).toBeDefined();
 
     // 9. Verify the document was created with prefilled fields
-    const document = await prisma.document.findUnique({
+    const document = await prisma.envelope.findUnique({
       where: {
-        id: responseData.id,
+        secondaryId: mapDocumentIdToSecondaryId(responseData.id),
       },
       include: {
         fields: true,
@@ -237,6 +251,10 @@ test.describe('Template Field Prefill API v2', () => {
 
     expect(document).not.toBeNull();
 
+    if (!document) {
+      throw new Error('Document not found');
+    }
+
     // 10. Verify each field has the correct prefilled values
     const documentTextField = document?.fields.find(
       (field) => field.type === FieldType.TEXT && field.fieldMeta?.type === 'text',
@@ -297,7 +315,7 @@ test.describe('Template Field Prefill API v2', () => {
         'Content-Type': 'application/json',
       },
       data: {
-        documentId: document?.id,
+        documentId: mapSecondaryIdToDocumentId(document?.secondaryId),
         meta: {
           subject: 'Test Subject',
           message: 'Test Message',
@@ -311,7 +329,7 @@ test.describe('Template Field Prefill API v2', () => {
     // 11. Sign in as the recipient and verify the prefilled fields are visible
     const documentRecipient = await prisma.recipient.findFirst({
       where: {
-        documentId: document?.id,
+        envelopeId: document?.id,
         email: 'recipient@example.com',
       },
     });
@@ -364,10 +382,12 @@ test.describe('Template Field Prefill API v2', () => {
       },
     });
 
+    const firstEnvelopeItem = template.envelopeItems[0];
+
     // 4. Create a recipient for the template
     const recipient = await prisma.recipient.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
         email: 'recipient@example.com',
         name: 'Test Recipient',
         role: RecipientRole.SIGNER,
@@ -382,7 +402,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add TEXT field
     await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.TEXT,
         page: 1,
@@ -402,7 +423,8 @@ test.describe('Template Field Prefill API v2', () => {
     // Add NUMBER field
     await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.NUMBER,
         page: 1,
@@ -426,7 +448,9 @@ test.describe('Template Field Prefill API v2', () => {
     });
 
     // 7. Navigate to the template
-    await page.goto(`${WEBAPP_BASE_URL}/templates/${template.id}`);
+    await page.goto(
+      `${WEBAPP_BASE_URL}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
+    );
 
     // 8. Create a document from the template without prefilled fields using v2 API
     const response = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/use`, {
@@ -435,7 +459,7 @@ test.describe('Template Field Prefill API v2', () => {
         'Content-Type': 'application/json',
       },
       data: {
-        templateId: template.id,
+        templateId: mapSecondaryIdToTemplateId(template.secondaryId),
         recipients: [
           {
             id: recipient.id,
@@ -454,9 +478,9 @@ test.describe('Template Field Prefill API v2', () => {
     expect(responseData.id).toBeDefined();
 
     // 9. Verify the document was created with default fields
-    const document = await prisma.document.findUnique({
+    const document = await prisma.envelope.findUnique({
       where: {
-        id: responseData.id,
+        secondaryId: mapDocumentIdToSecondaryId(responseData.id),
       },
       include: {
         fields: true,
@@ -465,6 +489,10 @@ test.describe('Template Field Prefill API v2', () => {
 
     expect(document).not.toBeNull();
 
+    if (!document) {
+      throw new Error('Document not found');
+    }
+
     // 10. Verify fields have their default values
     const documentTextField = document?.fields.find((field) => field.type === FieldType.TEXT);
     expect(documentTextField?.fieldMeta).toMatchObject({
@@ -484,7 +512,7 @@ test.describe('Template Field Prefill API v2', () => {
         'Content-Type': 'application/json',
       },
       data: {
-        documentId: document?.id,
+        documentId: mapSecondaryIdToDocumentId(document?.secondaryId),
         meta: {
           subject: 'Test Subject',
           message: 'Test Message',
@@ -498,7 +526,7 @@ test.describe('Template Field Prefill API v2', () => {
     // 11. Sign in as the recipient and verify the default fields are visible
     const documentRecipient = await prisma.recipient.findFirst({
       where: {
-        documentId: document?.id,
+        envelopeId: document?.id,
         email: 'recipient@example.com',
       },
     });
@@ -531,10 +559,12 @@ test.describe('Template Field Prefill API v2', () => {
       },
     });
 
+    const firstEnvelopeItem = template.envelopeItems[0];
+
     // 4. Create a recipient for the template
     const recipient = await prisma.recipient.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
         email: 'recipient@example.com',
         name: 'Test Recipient',
         role: RecipientRole.SIGNER,
@@ -548,7 +578,8 @@ test.describe('Template Field Prefill API v2', () => {
     // 5. Add a field to the template
     const field = await prisma.field.create({
       data: {
-        templateId: template.id,
+        envelopeId: template.id,
+        envelopeItemId: firstEnvelopeItem.id,
         recipientId: recipient.id,
         type: FieldType.RADIO,
         page: 1,
@@ -576,7 +607,7 @@ test.describe('Template Field Prefill API v2', () => {
         'Content-Type': 'application/json',
       },
       data: {
-        templateId: template.id,
+        templateId: mapSecondaryIdToTemplateId(template.secondaryId),
         recipients: [
           {
             id: recipient.id,

packages/app-tests/e2e/document-auth/access-auth.spec.ts

@@ -19,7 +19,7 @@ test('[DOCUMENT_AUTH]: should grant access when not required', async ({ page })
 
   const recipients = await prisma.recipient.findMany({
     where: {
-      documentId: document.id,
+      envelopeId: document.id,
     },
   });
 
@@ -52,7 +52,7 @@ test('[DOCUMENT_AUTH]: should allow or deny access when required', async ({ page
 
   const recipients = await prisma.recipient.findMany({
     where: {
-      documentId: document.id,
+      envelopeId: document.id,
     },
   });
 

packages/app-tests/e2e/document-auth/next-recipient-dictation.spec.ts

@@ -85,7 +85,7 @@ test('[NEXT_RECIPIENT_DICTATION]: should allow updating next recipient when dict
   await page.waitForURL(`${signUrl}/complete`);
 
   // Verify document and recipient states
-  const updatedDocument = await prisma.document.findUniqueOrThrow({
+  const updatedDocument = await prisma.envelope.findUniqueOrThrow({
     where: { id: document.id },
     include: {
       recipients: {
@@ -172,7 +172,7 @@ test('[NEXT_RECIPIENT_DICTATION]: should not show dictation UI when disabled', a
 
   // Verify document and recipient states
 
-  const updatedDocument = await prisma.document.findUniqueOrThrow({
+  const updatedDocument = await prisma.envelope.findUniqueOrThrow({
     where: { id: document.id },
     include: {
       recipients: {
@@ -259,7 +259,7 @@ test('[NEXT_RECIPIENT_DICTATION]: should work with parallel signing flow', async
 
   // Verify final document and recipient states
   await expect(async () => {
-    const updatedDocument = await prisma.document.findUniqueOrThrow({
+    const updatedDocument = await prisma.envelope.findUniqueOrThrow({
       where: { id: document.id },
       include: {
         recipients: {
@@ -362,7 +362,7 @@ test('[NEXT_RECIPIENT_DICTATION]: should allow assistant to dictate next signer'
 
   // Verify document and recipient states
   await expect(async () => {
-    const updatedDocument = await prisma.document.findUniqueOrThrow({
+    const updatedDocument = await prisma.envelope.findUniqueOrThrow({
       where: { id: document.id },
       include: {
         recipients: {

packages/app-tests/e2e/document-flow/settings-step.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import {
   seedBlankDocument,
   seedDraftDocument,
@@ -16,7 +17,7 @@ test('[DOCUMENT_FLOW]: add settings', async ({ page }) => {
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   // Set title.
@@ -52,13 +53,15 @@ test('[DOCUMENT_FLOW]: title should be disabled depending on document status', a
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${pendingDocument.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(pendingDocument.secondaryId)}/edit`,
   });
 
   // Should be disabled for pending documents.
   await expect(page.getByLabel('Title')).toBeDisabled();
 
   // Should be enabled for draft documents.
-  await page.goto(`/t/${team.url}/documents/${draftDocument.id}/edit`);
+  await page.goto(
+    `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(draftDocument.secondaryId)}/edit`,
+  );
   await expect(page.getByLabel('Title')).toBeEnabled();
 });

packages/app-tests/e2e/document-flow/signers-step.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import { seedBlankDocument } from '@documenso/prisma/seed/documents';
 import { seedUser } from '@documenso/prisma/seed/users';
 
@@ -12,7 +13,7 @@ test('[DOCUMENT_FLOW]: add signers', async ({ page }) => {
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   // Save the settings by going to the next step.

packages/app-tests/e2e/document-flow/stepper-component.spec.ts

@@ -9,7 +9,10 @@ import {
 import { DateTime } from 'luxon';
 import path from 'node:path';
 
-import { getRecipientByEmail } from '@documenso/lib/server-only/recipient/get-recipient-by-email';
+import {
+  mapDocumentIdToSecondaryId,
+  mapSecondaryIdToDocumentId,
+} from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import {
   seedBlankDocument,
@@ -23,7 +26,7 @@ import { signSignaturePad } from '../fixtures/signature';
 // Can't use the function in server-only/document due to it indirectly using
 // require imports.
 const getDocumentByToken = async (token: string) => {
-  return await prisma.document.findFirstOrThrow({
+  return await prisma.envelope.findFirstOrThrow({
     where: {
       recipients: {
         some: {
@@ -69,7 +72,7 @@ test('[DOCUMENT_FLOW]: should be able to create a document', async ({ page }) =>
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   const documentTitle = `example-${Date.now()}.pdf`;
@@ -130,7 +133,7 @@ test('[DOCUMENT_FLOW]: should be able to create a document with multiple recipie
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   const documentTitle = `example-${Date.now()}.pdf`;
@@ -215,7 +218,7 @@ test('[DOCUMENT_FLOW]: should be able to create a document with multiple recipie
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   // Set title
@@ -313,7 +316,7 @@ test('[DOCUMENT_FLOW]: should not be able to create a document without signature
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   const documentTitle = `example-${Date.now()}.pdf`;
@@ -401,7 +404,7 @@ test('[DOCUMENT_FLOW]: should be able to create, send with redirect url, sign a
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   const documentTitle = `example-${Date.now()}.pdf`;
@@ -442,9 +445,13 @@ test('[DOCUMENT_FLOW]: should be able to create, send with redirect url, sign a
   const url = page.url().split('/');
   const documentId = url[url.length - 1];
 
-  const { token } = await getRecipientByEmail({
+  const { token } = await prisma.recipient.findFirstOrThrow({
+    where: {
+      envelope: {
+        secondaryId: mapDocumentIdToSecondaryId(Number(documentId)),
+      },
       email: 'user1@example.com',
-    documentId: Number(documentId),
+    },
   });
 
   await page.goto(`/sign/${token}`);
@@ -500,7 +507,7 @@ test('[DOCUMENT_FLOW]: should be able to sign a document with custom date', asyn
       recipient: {
         email: 'user1@example.com',
       },
-      documentId: Number(document.id),
+      envelopeId: document.id,
     },
   });
 
@@ -525,7 +532,7 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   const documentTitle = `Sequential-Signing-${Date.now()}.pdf`;
@@ -587,7 +594,7 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
 
   await expect(page.getByRole('link', { name: documentTitle })).toBeVisible();
 
-  const createdDocument = await prisma.document.findFirst({
+  const createdDocument = await prisma.envelope.findFirst({
     where: { title: documentTitle },
     include: { recipients: true },
   });
@@ -602,13 +609,13 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
     expect(recipient).not.toBeNull();
 
     const fields = await prisma.field.findMany({
-      where: { recipientId: recipient?.id, documentId: createdDocument?.id },
+      where: { recipientId: recipient?.id, envelopeId: createdDocument?.id },
     });
     const recipientField = fields[0];
 
     if (i > 0) {
       const previousRecipient = await prisma.recipient.findFirst({
-        where: { email: `user${i}@example.com`, documentId: createdDocument?.id },
+        where: { email: `user${i}@example.com`, envelopeId: createdDocument?.id },
       });
 
       expect(previousRecipient?.signingStatus).toBe(SigningStatus.SIGNED);
@@ -636,7 +643,7 @@ test('[DOCUMENT_FLOW]: should be able to create and sign a document with 3 recip
   // Wait for the document to be signed.
   await page.waitForTimeout(10000);
 
-  const finalDocument = await prisma.document.findFirst({
+  const finalDocument = await prisma.envelope.findFirst({
     where: { id: createdDocument?.id },
   });
 
@@ -648,19 +655,21 @@ test('[DOCUMENT_FLOW]: should prevent out-of-order signing in sequential mode',
 }) => {
   const { user, team } = await seedUser();
 
-  const { recipients } = await seedPendingDocumentWithFullFields({
+  const { document, recipients } = await seedPendingDocumentWithFullFields({
     teamId: team.id,
     owner: user,
     recipients: ['user1@example.com', 'user2@example.com', 'user3@example.com'],
     fields: [FieldType.SIGNATURE],
     recipientsCreateOptions: [{ signingOrder: 1 }, { signingOrder: 2 }, { signingOrder: 3 }],
-    updateDocumentOptions: {
+  });
-      documentMeta: {
+
-        create: {
+  await prisma.documentMeta.update({
+    where: {
+      id: document.documentMetaId,
+    },
+    data: {
       signingOrder: DocumentSigningOrder.SEQUENTIAL,
     },
-      },
-    },
   });
 
   const pendingRecipient = recipients.find((r) => r.signingOrder === 2);

packages/app-tests/e2e/documents/test-unauthorized-document-access.spec.ts

@@ -1,6 +1,7 @@
 import { expect, test } from '@playwright/test';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import {
   seedBlankDocument,
   seedCompletedDocument,
@@ -27,7 +28,9 @@ test.describe('Unauthorized Access to Documents', () => {
       redirectPath: `/t/${team.url}/documents`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${document.id}`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 
@@ -40,10 +43,12 @@ test.describe('Unauthorized Access to Documents', () => {
     await apiSignin({
       page,
       email: unauthorizedUser.email,
-      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+      redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${document.id}/edit`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 
@@ -57,10 +62,12 @@ test.describe('Unauthorized Access to Documents', () => {
     await apiSignin({
       page,
       email: unauthorizedUser.email,
-      redirectPath: `/t/${team.url}/documents/${document.id}`,
+      redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${document.id}`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 
@@ -74,10 +81,12 @@ test.describe('Unauthorized Access to Documents', () => {
     await apiSignin({
       page,
       email: unauthorizedUser.email,
-      redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+      redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${document.id}/edit`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 
@@ -91,10 +100,12 @@ test.describe('Unauthorized Access to Documents', () => {
     await apiSignin({
       page,
       email: unauthorizedUser.email,
-      redirectPath: `/t/${team.url}/documents/${document.id}`,
+      redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${document.id}`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 });

packages/app-tests/e2e/features/include-document-certificate.spec.ts

@@ -28,7 +28,9 @@ test.describe('Signing Certificate Tests', () => {
     const documentData = await prisma.documentData
       .findFirstOrThrow({
         where: {
-          id: document.documentDataId,
+          envelopeItem: {
+            envelopeId: document.id,
+          },
         },
       })
       .then(async (data) => getFile(data));
@@ -65,12 +67,21 @@ test.describe('Signing Certificate Tests', () => {
     await page.waitForTimeout(2500);
 
     // Get the completed document
-    const completedDocument = await prisma.document.findFirstOrThrow({
+    const completedDocument = await prisma.envelope.findFirstOrThrow({
       where: { id: document.id },
-      include: { documentData: true },
+      include: {
+        envelopeItems: {
+          include: {
+            documentData: true,
+          },
+        },
+      },
     });
 
-    const completedDocumentData = await getFile(completedDocument.documentData);
+    // Todo: Envelopes
+    const firstDocumentData = completedDocument.envelopeItems[0].documentData;
+
+    const completedDocumentData = await getFile(firstDocumentData);
 
     // Load the PDF and check number of pages
     const pdfDoc = await PDFDocument.load(completedDocumentData);
@@ -110,7 +121,9 @@ test.describe('Signing Certificate Tests', () => {
     const documentData = await prisma.documentData
       .findFirstOrThrow({
         where: {
-          id: document.documentDataId,
+          envelopeItem: {
+            envelopeId: document.id,
+          },
         },
       })
       .then(async (data) => getFile(data));
@@ -145,12 +158,21 @@ test.describe('Signing Certificate Tests', () => {
     await page.waitForTimeout(2500);
 
     // Get the completed document
-    const completedDocument = await prisma.document.findFirstOrThrow({
+    const completedDocument = await prisma.envelope.findFirstOrThrow({
       where: { id: document.id },
-      include: { documentData: true },
+      include: {
+        envelopeItems: {
+          include: {
+            documentData: true,
+          },
+        },
+      },
     });
 
-    const completedDocumentData = await getFile(completedDocument.documentData);
+    // Todo: Envelopes
+    const firstDocumentData = completedDocument.envelopeItems[0].documentData;
+
+    const completedDocumentData = await getFile(firstDocumentData);
 
     // Load the PDF and check number of pages
     const completedPdf = await PDFDocument.load(completedDocumentData);
@@ -190,7 +212,9 @@ test.describe('Signing Certificate Tests', () => {
     const documentData = await prisma.documentData
       .findFirstOrThrow({
         where: {
-          id: document.documentDataId,
+          envelopeItem: {
+            envelopeId: document.id,
+          },
         },
       })
       .then(async (data) => getFile(data));
@@ -225,12 +249,18 @@ test.describe('Signing Certificate Tests', () => {
     await page.waitForTimeout(2500);
 
     // Get the completed document
-    const completedDocument = await prisma.document.findFirstOrThrow({
+    const completedDocument = await prisma.envelope.findFirstOrThrow({
       where: { id: document.id },
-      include: { documentData: true },
+      include: {
+        envelopeItems: {
+          include: {
+            documentData: true,
+          },
+        },
+      },
     });
 
-    const completedDocumentData = await getFile(completedDocument.documentData);
+    const completedDocumentData = await getFile(completedDocument.envelopeItems[0].documentData);
 
     // Load the PDF and check number of pages
     const completedPdf = await PDFDocument.load(completedDocumentData);

packages/app-tests/e2e/folders/team-account-folders.spec.ts

@@ -383,12 +383,10 @@ test('[TEAMS]: can create a template inside a template folder', async ({ page })
 
   await page.waitForTimeout(3000);
 
-  await page.getByRole('button', { name: 'Create' }).click();
+  // Expect redirect.
-
-  await page.waitForTimeout(1000);
-
   await expect(page.getByText('documenso-supporter-pledge.pdf')).toBeVisible();
 
+  // Return to folder and verify file is visible.
   await page.goto(`/t/${team.url}/templates/f/${folder.id}`);
   await expect(page.getByText('documenso-supporter-pledge.pdf')).toBeVisible();
 });

packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts

@@ -96,7 +96,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
 
   const documentMeta = await prisma.documentMeta.findFirstOrThrow({
     where: {
-      documentId: document.id,
+      id: document.documentMetaId,
     },
   });
 
@@ -272,7 +272,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
 
   const teamOverrideDocumentMeta = await prisma.documentMeta.findFirstOrThrow({
     where: {
-      documentId: teamOverrideDocument.id,
+      id: teamOverrideDocument.documentMetaId,
     },
   });
 
@@ -317,7 +317,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
 
   const documentMeta = await prisma.documentMeta.findFirstOrThrow({
     where: {
-      documentId: document.id,
+      id: document.documentMetaId,
     },
   });
 

packages/app-tests/e2e/teams/team-documents.spec.ts

@@ -1,6 +1,7 @@
 import { expect, test } from '@playwright/test';
 import { DocumentStatus, DocumentVisibility, TeamMemberRole } from '@prisma/client';
 
+import { mapSecondaryIdToDocumentId } from '@documenso/lib/utils/envelope';
 import {
   seedBlankDocument,
   seedDocuments,
@@ -750,7 +751,7 @@ test('[TEAMS]: check that ADMIN role can change document visibility', async ({ p
   await apiSignin({
     page,
     email: adminUser.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   await page.getByTestId('documentVisibilitySelectValue').click();
@@ -784,7 +785,7 @@ test('[TEAMS]: check that MEMBER role cannot change visibility of EVERYONE docum
   await apiSignin({
     page,
     email: teamMember.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Everyone');
@@ -810,7 +811,7 @@ test('[TEAMS]: check that MEMBER role cannot change visibility of MANAGER_AND_AB
   await apiSignin({
     page,
     email: teamMember.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Managers and above');
@@ -836,7 +837,7 @@ test('[TEAMS]: check that MEMBER role cannot change visibility of ADMIN document
   await apiSignin({
     page,
     email: teamMember.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Admins only');
@@ -862,7 +863,7 @@ test('[TEAMS]: check that MANAGER role cannot change visibility of ADMIN documen
   await apiSignin({
     page,
     email: teamManager.email,
-    redirectPath: `/t/${team.url}/documents/${document.id}/edit`,
+    redirectPath: `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
   });
 
   await expect(page.getByTestId('documentVisibilitySelectValue')).toHaveText('Admins only');

packages/app-tests/e2e/teams/team-signature-settings.spec.ts

@@ -1,5 +1,9 @@
 import { expect, test } from '@playwright/test';
 
+import {
+  mapSecondaryIdToDocumentId,
+  mapSecondaryIdToTemplateId,
+} from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import {
   seedTeamDocumentWithMeta,
@@ -21,7 +25,9 @@ test('[TEAMS]: check that default team signature settings are all enabled', asyn
   const document = await seedTeamDocumentWithMeta(team);
 
   // Create a document and check the settings
-  await page.goto(`/t/${team.url}/documents/${document.id}/edit`);
+  await page.goto(
+    `/t/${team.url}/documents/${mapSecondaryIdToDocumentId(document.secondaryId)}/edit`,
+  );
 
   // Verify that the settings match
   await page.getByRole('button', { name: 'Advanced Options' }).click();
@@ -154,7 +160,7 @@ test('[TEAMS]: check signature modes work for templates', async ({ page }) => {
 
     const template = await seedTeamTemplateWithMeta(team);
 
-    await page.goto(`/t/${team.url}/templates/${template.id}`);
+    await page.goto(`/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`);
     await page.getByRole('button', { name: 'Use' }).click();
 
     // Check the send document checkbox to true
@@ -162,9 +168,10 @@ test('[TEAMS]: check signature modes work for templates', async ({ page }) => {
     await page.getByRole('button', { name: 'Create and send' }).click();
     await page.waitForTimeout(1000);
 
-    const document = await prisma.document.findFirst({
+    const document = await prisma.envelope.findFirst({
       where: {
-        templateId: template.id,
+        // Created from template
+        templateId: mapSecondaryIdToTemplateId(template.secondaryId),
       },
       include: {
         documentMeta: true,

packages/app-tests/e2e/templates-flow/template-settings-step.spec.ts

@@ -1,6 +1,7 @@
 import { expect, test } from '@playwright/test';
 import { TeamMemberRole } from '@prisma/client';
 
+import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { seedTeam, seedTeamMember } from '@documenso/prisma/seed/teams';
 import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
 import { seedUser } from '@documenso/prisma/seed/users';
@@ -14,7 +15,7 @@ test('[TEMPLATE_FLOW]: add settings', async ({ page }) => {
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set title.
@@ -48,7 +49,7 @@ test('[TEMPLATE_FLOW] add document visibility settings', async ({ page }) => {
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set document visibility.
@@ -63,7 +64,9 @@ test('[TEMPLATE_FLOW] add document visibility settings', async ({ page }) => {
   await expect(page.getByRole('heading', { name: 'Add Placeholders' })).toBeVisible();
 
   // Navigate back to the edit page to check that the settings are saved correctly.
-  await page.goto(`/t/${team.url}/templates/${template.id}/edit`);
+  await page.goto(
+    `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
+  );
 
   await expect(page.getByRole('heading', { name: 'General' })).toBeVisible();
   await expect(page.getByTestId('documentVisibilitySelectValue')).toContainText(
@@ -96,7 +99,7 @@ test('[TEMPLATE_FLOW] team member visibility permissions', async ({ page }) => {
   await apiSignin({
     page,
     email: managerUser.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Manager should be able to set visibility to managers and above
@@ -115,11 +118,12 @@ test('[TEMPLATE_FLOW] team member visibility permissions', async ({ page }) => {
   await apiSignin({
     page,
     email: memberUser.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
-  // Regular member should not be able to modify visibility when set to managers and above
+  // A regular member should not be able to see the template.
-  await expect(page.getByTestId('documentVisibilitySelectValue')).toBeDisabled();
+  // They should be redirected to the templates page.
+  expect(new URL(page.url()).pathname).toBe(`/t/${team.url}/templates`);
 
   // Create a new template with 'everyone' visibility
   const everyoneTemplate = await seedBlankTemplate(owner, team.id, {
@@ -130,7 +134,9 @@ test('[TEMPLATE_FLOW] team member visibility permissions', async ({ page }) => {
   });
 
   // Navigate to the new template
-  await page.goto(`/t/${team.url}/templates/${everyoneTemplate.id}/edit`);
+  await page.goto(
+    `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(everyoneTemplate.secondaryId)}/edit`,
+  );
 
   // Regular member should be able to see but not modify visibility
   await expect(page.getByTestId('documentVisibilitySelectValue')).toBeDisabled();

packages/app-tests/e2e/templates-flow/template-signers-step.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 
+import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
 import { seedUser } from '@documenso/prisma/seed/users';
 
@@ -29,7 +30,7 @@ import { apiSignin } from '../fixtures/authentication';
 //     await apiSignin({
 //       page,
 //       email: user.email,
-//       redirectPath: `/templates/${template.id}/edit`,
+//       redirectPath: `/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
 //     });
 
 //     // Save the settings by going to the next step.
@@ -79,7 +80,7 @@ test('[TEMPLATE_FLOW]: add placeholder', async ({ page }) => {
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Save the settings by going to the next step.

packages/app-tests/e2e/templates/create-document-from-template.spec.ts

@@ -4,6 +4,10 @@ import fs from 'fs';
 import path from 'path';
 
 import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth';
+import {
+  mapDocumentIdToSecondaryId,
+  mapSecondaryIdToTemplateId,
+} from '@documenso/lib/utils/envelope';
 import { prisma } from '@documenso/prisma';
 import { seedTeam, seedTeamMember } from '@documenso/prisma/seed/teams';
 import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
@@ -29,7 +33,7 @@ test('[TEMPLATE]: should create a document from a template', async ({ page }) =>
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set template title.
@@ -79,9 +83,9 @@ test('[TEMPLATE]: should create a document from a template', async ({ page }) =>
 
   const documentId = Number(page.url().split('/').pop());
 
-  const document = await prisma.document.findFirstOrThrow({
+  const document = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
     },
     include: {
       recipients: true,
@@ -132,7 +136,7 @@ test('[TEMPLATE]: should create a team document from a team template', async ({
   await apiSignin({
     page,
     email: owner.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set template title.
@@ -182,9 +186,9 @@ test('[TEMPLATE]: should create a team document from a team template', async ({
 
   const documentId = Number(page.url().split('/').pop());
 
-  const document = await prisma.document.findFirstOrThrow({
+  const document = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
     },
     include: {
       recipients: true,
@@ -240,7 +244,7 @@ test('[TEMPLATE]: should create a document from a template with custom document'
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set template title
@@ -288,30 +292,36 @@ test('[TEMPLATE]: should create a document from a template with custom document'
 
   const documentId = Number(page.url().split('/').pop());
 
-  const document = await prisma.document.findFirstOrThrow({
+  const document = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
     },
+    include: {
+      envelopeItems: {
         include: {
           documentData: true,
         },
+      },
+    },
   });
 
+  const firstDocumentData = document.envelopeItems[0].documentData;
+
   const expectedDocumentDataType =
     process.env.NEXT_PUBLIC_UPLOAD_TRANSPORT === 's3'
       ? DocumentDataType.S3_PATH
       : DocumentDataType.BYTES_64;
 
   expect(document.title).toEqual('TEMPLATE_WITH_CUSTOM_DOC');
-  expect(document.documentData.type).toEqual(expectedDocumentDataType);
+  expect(firstDocumentData.type).toEqual(expectedDocumentDataType);
 
   if (expectedDocumentDataType === DocumentDataType.BYTES_64) {
-    expect(document.documentData.data).toEqual(pdfContent);
+    expect(firstDocumentData.data).toEqual(pdfContent);
-    expect(document.documentData.initialData).toEqual(pdfContent);
+    expect(firstDocumentData.initialData).toEqual(pdfContent);
   } else {
     // For S3, we expect the data/initialData to be the S3 path (non-empty string)
-    expect(document.documentData.data).toBeTruthy();
+    expect(firstDocumentData.data).toBeTruthy();
-    expect(document.documentData.initialData).toBeTruthy();
+    expect(firstDocumentData.initialData).toBeTruthy();
   }
 });
 
@@ -333,7 +343,7 @@ test('[TEMPLATE]: should create a team document from a template with custom docu
   await apiSignin({
     page,
     email: owner.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set template title
@@ -381,13 +391,17 @@ test('[TEMPLATE]: should create a team document from a template with custom docu
 
   const documentId = Number(page.url().split('/').pop());
 
-  const document = await prisma.document.findFirstOrThrow({
+  const document = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
     },
+    include: {
+      envelopeItems: {
         include: {
           documentData: true,
         },
+      },
+    },
   });
 
   const expectedDocumentDataType =
@@ -395,17 +409,19 @@ test('[TEMPLATE]: should create a team document from a template with custom docu
       ? DocumentDataType.S3_PATH
       : DocumentDataType.BYTES_64;
 
+  const firstDocumentData = document.envelopeItems[0].documentData;
+
   expect(document.teamId).toEqual(team.id);
   expect(document.title).toEqual('TEAM_TEMPLATE_WITH_CUSTOM_DOC');
-  expect(document.documentData.type).toEqual(expectedDocumentDataType);
+  expect(firstDocumentData.type).toEqual(expectedDocumentDataType);
 
   if (expectedDocumentDataType === DocumentDataType.BYTES_64) {
-    expect(document.documentData.data).toEqual(pdfContent);
+    expect(firstDocumentData.data).toEqual(pdfContent);
-    expect(document.documentData.initialData).toEqual(pdfContent);
+    expect(firstDocumentData.initialData).toEqual(pdfContent);
   } else {
     // For S3, we expect the data/initialData to be the S3 path (non-empty string)
-    expect(document.documentData.data).toBeTruthy();
+    expect(firstDocumentData.data).toBeTruthy();
-    expect(document.documentData.initialData).toBeTruthy();
+    expect(firstDocumentData.initialData).toBeTruthy();
   }
 });
 
@@ -422,7 +438,7 @@ test('[TEMPLATE]: should create a document from a template using template docume
   await apiSignin({
     page,
     email: user.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set template title
@@ -455,30 +471,40 @@ test('[TEMPLATE]: should create a document from a template using template docume
 
   const documentId = Number(page.url().split('/').pop());
 
-  const document = await prisma.document.findFirstOrThrow({
+  const document = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
     },
+    include: {
+      envelopeItems: {
         include: {
           documentData: true,
         },
+      },
+    },
   });
 
-  const templateWithData = await prisma.template.findFirstOrThrow({
+  const firstDocumentData = document.envelopeItems[0].documentData;
+
+  const templateWithData = await prisma.envelope.findFirstOrThrow({
     where: {
       id: template.id,
     },
     include: {
-      templateDocumentData: true,
+      envelopeItems: {
+        include: {
+          documentData: true,
+        },
+      },
     },
   });
 
   expect(document.title).toEqual('TEMPLATE_WITH_ORIGINAL_DOC');
-  expect(document.documentData.data).toEqual(templateWithData.templateDocumentData.data);
+  expect(firstDocumentData.data).toEqual(templateWithData.envelopeItems[0].documentData.data);
-  expect(document.documentData.initialData).toEqual(
+  expect(firstDocumentData.initialData).toEqual(
-    templateWithData.templateDocumentData.initialData,
+    templateWithData.envelopeItems[0].documentData.initialData,
   );
-  expect(document.documentData.type).toEqual(templateWithData.templateDocumentData.type);
+  expect(firstDocumentData.type).toEqual(templateWithData.envelopeItems[0].documentData.type);
 });
 
 test('[TEMPLATE]: should persist document visibility when creating from template', async ({
@@ -493,7 +519,7 @@ test('[TEMPLATE]: should persist document visibility when creating from template
   await apiSignin({
     page,
     email: owner.email,
-    redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+    redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
   });
 
   // Set template title and visibility
@@ -536,9 +562,16 @@ test('[TEMPLATE]: should persist document visibility when creating from template
 
   const documentId = Number(page.url().split('/').pop());
 
-  const document = await prisma.document.findFirstOrThrow({
+  const document = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
+    },
+    include: {
+      envelopeItems: {
+        include: {
+          documentData: true,
+        },
+      },
     },
   });
 

packages/app-tests/e2e/templates/direct-templates.spec.ts

@@ -3,6 +3,7 @@ import { customAlphabet } from 'nanoid';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { createDocumentAuthOptions } from '@documenso/lib/utils/document-auth';
+import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { formatDirectTemplatePath } from '@documenso/lib/utils/templates';
 import { seedTeam } from '@documenso/prisma/seed/teams';
 import { seedDirectTemplate, seedTemplate } from '@documenso/prisma/seed/templates';
@@ -34,7 +35,7 @@ test('[DIRECT_TEMPLATES]: create direct link for template', async ({ page }) =>
     redirectPath: `/t/${team.url}/templates`,
   });
 
-  const url = `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/templates/${teamTemplate.id}`;
+  const url = `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/templates/${mapSecondaryIdToTemplateId(teamTemplate.secondaryId)}`;
 
   // Owner should see list of templates with no direct link badge.
   await page.goto(url);

packages/app-tests/e2e/templates/test-unauthorized-template-access.spec.ts

@@ -1,6 +1,7 @@
 import { expect, test } from '@playwright/test';
 
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { mapSecondaryIdToTemplateId } from '@documenso/lib/utils/envelope';
 import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
 import { seedUser } from '@documenso/prisma/seed/users';
 
@@ -20,10 +21,12 @@ test.describe('Unauthorized Access to Templates', () => {
     await apiSignin({
       page,
       email: unauthorizedUser.email,
-      redirectPath: `/t/${team.url}/templates/${template.id}`,
+      redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/templates/${template.id}`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 
@@ -36,10 +39,12 @@ test.describe('Unauthorized Access to Templates', () => {
     await apiSignin({
       page,
       email: unauthorizedUser.email,
-      redirectPath: `/t/${team.url}/templates/${template.id}/edit`,
+      redirectPath: `/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
     });
 
-    await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/templates/${template.id}/edit`);
+    await page.goto(
+      `${NEXT_PUBLIC_WEBAPP_URL()}/t/${team.url}/templates/${mapSecondaryIdToTemplateId(template.secondaryId)}/edit`,
+    );
     await expect(page.getByRole('heading', { name: 'Oops! Something went wrong.' })).toBeVisible();
   });
 });

packages/ee/server-only/limits/server.ts

@@ -1,4 +1,4 @@
-import { DocumentSource, SubscriptionStatus } from '@prisma/client';
+import { DocumentSource, EnvelopeType, SubscriptionStatus } from '@prisma/client';
 import { DateTime } from 'luxon';
 
 import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
@@ -84,8 +84,9 @@ export const getServerLimits = async ({
   }
 
   const [documents, directTemplates] = await Promise.all([
-    prisma.document.count({
+    prisma.envelope.count({
       where: {
+        type: EnvelopeType.DOCUMENT,
         team: {
           organisationId: organisation.id,
         },
@@ -97,8 +98,9 @@ export const getServerLimits = async ({
         },
       },
     }),
-    prisma.template.count({
+    prisma.envelope.count({
       where: {
+        type: EnvelopeType.TEMPLATE,
         team: {
           organisationId: organisation.id,
         },

packages/lib/client-only/hooks/use-copy-share-link.ts

@@ -1,5 +1,5 @@
 import { trpc } from '@documenso/trpc/react';
-import type { TCreateOrGetShareLinkMutationSchema } from '@documenso/trpc/server/share-link-router/schema';
+import type { TShareDocumentRequest } from '@documenso/trpc/server/document-router/share-document.types';
 
 import { useCopyToClipboard } from './use-copy-to-clipboard';
 
@@ -12,14 +12,14 @@ export function useCopyShareLink({ onSuccess, onError }: UseCopyShareLinkOptions
   const [, copyToClipboard] = useCopyToClipboard();
 
   const { mutateAsync: createOrGetShareLink, isPending: isCreatingShareLink } =
-    trpc.shareLink.createOrGetShareLink.useMutation();
+    trpc.document.share.useMutation();
 
   /**
    * Copy a newly created, or pre-existing share link to the user's clipboard.
    *
    * @param payload The payload to create or get a share link.
    */
-  const createAndCopyShareLink = async (payload: TCreateOrGetShareLinkMutationSchema) => {
+  const createAndCopyShareLink = async (payload: TShareDocumentRequest) => {
     const valueToCopy = createOrGetShareLink(payload).then(
       (result) => `${window.location.origin}/share/${result.slug}`,
     );

packages/lib/client-only/hooks/use-field-page-coords.ts

@@ -5,7 +5,9 @@ import type { Field } from '@prisma/client';
 import { getBoundingClientRect } from '@documenso/lib/client-only/get-bounding-client-rect';
 import { PDF_VIEWER_PAGE_SELECTOR } from '@documenso/lib/constants/pdf-viewer';
 
-export const useFieldPageCoords = (field: Field) => {
+export const useFieldPageCoords = (
+  field: Pick<Field, 'positionX' | 'positionY' | 'width' | 'height' | 'page'>,
+) => {
   const [coords, setCoords] = useState({
     x: 0,
     y: 0,

packages/lib/constants/teams.ts

@@ -1,4 +1,4 @@
-import { OrganisationGroupType, TeamMemberRole } from '@prisma/client';
+import { DocumentVisibility, OrganisationGroupType, TeamMemberRole } from '@prisma/client';
 
 export const TEAM_URL_ROOT_REGEX = new RegExp('^/t/[^/]+/?$');
 export const TEAM_URL_REGEX = new RegExp('^/t/[^/]+');
@@ -33,6 +33,16 @@ export const TEAM_MEMBER_ROLE_PERMISSIONS_MAP = {
   MANAGE_TEAM: [TeamMemberRole.ADMIN, TeamMemberRole.MANAGER],
 } satisfies Record<string, TeamMemberRole[]>;
 
+export const TEAM_DOCUMENT_VISIBILITY_MAP = {
+  [TeamMemberRole.ADMIN]: [
+    DocumentVisibility.ADMIN,
+    DocumentVisibility.MANAGER_AND_ABOVE,
+    DocumentVisibility.EVERYONE,
+  ],
+  [TeamMemberRole.MANAGER]: [DocumentVisibility.MANAGER_AND_ABOVE, DocumentVisibility.EVERYONE],
+  [TeamMemberRole.MEMBER]: [DocumentVisibility.EVERYONE],
+} satisfies Record<TeamMemberRole, DocumentVisibility[]>;
+
 /**
  * A hierarchy of team member roles to determine which role has higher permission than another.
  *

packages/lib/jobs/definitions/emails/send-document-cancelled-emails.handler.ts

@@ -1,7 +1,7 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
-import { ReadStatus, SendStatus, SigningStatus } from '@prisma/client';
+import { EnvelopeType, ReadStatus, SendStatus, SigningStatus } from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import DocumentCancelTemplate from '@documenso/email/templates/document-cancel';
@@ -11,6 +11,7 @@ import { getI18nInstance } from '../../../client-only/providers/i18n-server';
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
 import { getEmailContext } from '../../../server-only/email/get-email-context';
 import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
+import { unsafeBuildEnvelopeIdQuery } from '../../../utils/envelope';
 import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
 import type { JobRunIO } from '../../client/_internal/job';
 import type { TSendDocumentCancelledEmailsJobDefinition } from './send-document-cancelled-emails';
@@ -24,10 +25,14 @@ export const run = async ({
 }) => {
   const { documentId, cancellationReason } = payload;
 
-  const document = await prisma.document.findFirstOrThrow({
+  const envelope = await prisma.envelope.findFirstOrThrow({
-    where: {
+    where: unsafeBuildEnvelopeIdQuery(
+      {
+        type: 'documentId',
         id: documentId,
       },
+      EnvelopeType.DOCUMENT,
+    ),
     include: {
       user: {
         select: {
@@ -52,12 +57,12 @@ export const run = async ({
     emailType: 'RECIPIENT',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
-  const { documentMeta, user: documentOwner } = document;
+  const { documentMeta, user: documentOwner } = envelope;
 
   // Check if document cancellation emails are enabled
   const isEmailEnabled = extractDerivedDocumentEmailSettings(documentMeta).documentDeleted;
@@ -69,7 +74,7 @@ export const run = async ({
   const i18n = await getI18nInstance(emailLanguage);
 
   // Send cancellation emails to all recipients who have been sent the document or viewed it
-  const recipientsToNotify = document.recipients.filter(
+  const recipientsToNotify = envelope.recipients.filter(
     (recipient) =>
       (recipient.sendStatus === SendStatus.SENT || recipient.readStatus === ReadStatus.OPENED) &&
       recipient.signingStatus !== SigningStatus.REJECTED,
@@ -79,7 +84,7 @@ export const run = async ({
     await Promise.all(
       recipientsToNotify.map(async (recipient) => {
         const template = createElement(DocumentCancelTemplate, {
-          documentName: document.title,
+          documentName: envelope.title,
           inviterName: documentOwner.name || undefined,
           inviterEmail: documentOwner.email,
           assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
@@ -102,7 +107,7 @@ export const run = async ({
           },
           from: senderEmail,
           replyTo: replyToEmail,
-          subject: i18n._(msg`Document "${document.title}" Cancelled`),
+          subject: i18n._(msg`Document "${envelope.title}" Cancelled`),
           html,
           text,
         });

packages/lib/jobs/definitions/emails/send-recipient-signed-email.handler.ts

@@ -1,6 +1,7 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
+import { EnvelopeType } from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import { DocumentRecipientSignedEmailTemplate } from '@documenso/email/templates/document-recipient-signed';
@@ -10,6 +11,7 @@ import { getI18nInstance } from '../../../client-only/providers/i18n-server';
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
 import { getEmailContext } from '../../../server-only/email/get-email-context';
 import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
+import { unsafeBuildEnvelopeIdQuery } from '../../../utils/envelope';
 import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
 import type { JobRunIO } from '../../client/_internal/job';
 import type { TSendRecipientSignedEmailJobDefinition } from './send-recipient-signed-email';
@@ -23,9 +25,15 @@ export const run = async ({
 }) => {
   const { documentId, recipientId } = payload;
 
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findFirst({
     where: {
+      ...unsafeBuildEnvelopeIdQuery(
+        {
+          type: 'documentId',
           id: documentId,
+        },
+        EnvelopeType.DOCUMENT,
+      ),
       recipients: {
         some: {
           id: recipientId,
@@ -49,25 +57,25 @@ export const run = async ({
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new Error('Document not found');
   }
 
-  if (document.recipients.length === 0) {
+  if (envelope.recipients.length === 0) {
     throw new Error('Document has no recipients');
   }
 
   const isRecipientSignedEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).recipientSigned;
 
   if (!isRecipientSignedEmailEnabled) {
     return;
   }
 
-  const [recipient] = document.recipients;
+  const [recipient] = envelope.recipients;
   const { email: recipientEmail, name: recipientName } = recipient;
-  const { user: owner } = document;
+  const { user: owner } = envelope;
 
   const recipientReference = recipientName || recipientEmail;
 
@@ -80,9 +88,9 @@ export const run = async ({
     emailType: 'INTERNAL',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
@@ -90,7 +98,7 @@ export const run = async ({
   const i18n = await getI18nInstance(emailLanguage);
 
   const template = createElement(DocumentRecipientSignedEmailTemplate, {
-    documentName: document.title,
+    documentName: envelope.title,
     recipientName,
     recipientEmail,
     assetBaseUrl,
@@ -112,7 +120,7 @@ export const run = async ({
         address: owner.email,
       },
       from: senderEmail,
-      subject: i18n._(msg`${recipientReference} has signed "${document.title}"`),
+      subject: i18n._(msg`${recipientReference} has signed "${envelope.title}"`),
       html,
       text,
     });

packages/lib/jobs/definitions/emails/send-rejection-emails.handler.ts

@@ -1,7 +1,7 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
-import { SendStatus, SigningStatus } from '@prisma/client';
+import { EnvelopeType, SendStatus, SigningStatus } from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import DocumentRejectedEmail from '@documenso/email/templates/document-rejected';
@@ -13,6 +13,7 @@ import { NEXT_PUBLIC_WEBAPP_URL } from '../../../constants/app';
 import { DOCUMENSO_INTERNAL_EMAIL } from '../../../constants/email';
 import { getEmailContext } from '../../../server-only/email/get-email-context';
 import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
+import { unsafeBuildEnvelopeIdQuery } from '../../../utils/envelope';
 import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
 import { formatDocumentsPath } from '../../../utils/teams';
 import type { JobRunIO } from '../../client/_internal/job';
@@ -27,11 +28,15 @@ export const run = async ({
 }) => {
   const { documentId, recipientId } = payload;
 
-  const [document, recipient] = await Promise.all([
+  const [envelope, recipient] = await Promise.all([
-    prisma.document.findFirstOrThrow({
+    prisma.envelope.findFirstOrThrow({
-      where: {
+      where: unsafeBuildEnvelopeIdQuery(
+        {
+          type: 'documentId',
           id: documentId,
         },
+        EnvelopeType.DOCUMENT,
+      ),
       include: {
         user: {
           select: {
@@ -58,10 +63,10 @@ export const run = async ({
     }),
   ]);
 
-  const { user: documentOwner } = document;
+  const { user: documentOwner } = envelope;
 
   const isEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).recipientSigningRequest;
 
   if (!isEmailEnabled) {
@@ -72,9 +77,9 @@ export const run = async ({
     emailType: 'RECIPIENT',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
   const i18n = await getI18nInstance(emailLanguage);
@@ -83,8 +88,8 @@ export const run = async ({
   await io.runTask('send-rejection-confirmation-email', async () => {
     const recipientTemplate = createElement(DocumentRejectionConfirmedEmail, {
       recipientName: recipient.name,
-      documentName: document.title,
+      documentName: envelope.title,
-      documentOwnerName: document.user.name || document.user.email,
+      documentOwnerName: envelope.user.name || envelope.user.email,
       reason: recipient.rejectionReason || '',
       assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
     });
@@ -105,7 +110,7 @@ export const run = async ({
       },
       from: senderEmail,
       replyTo: replyToEmail,
-      subject: i18n._(msg`Document "${document.title}" - Rejection Confirmed`),
+      subject: i18n._(msg`Document "${envelope.title}" - Rejection Confirmed`),
       html,
       text,
     });
@@ -115,9 +120,9 @@ export const run = async ({
   await io.runTask('send-owner-notification-email', async () => {
     const ownerTemplate = createElement(DocumentRejectedEmail, {
       recipientName: recipient.name,
-      documentName: document.title,
+      documentName: envelope.title,
-      documentUrl: `${NEXT_PUBLIC_WEBAPP_URL()}${formatDocumentsPath(document.team?.url)}/${
+      documentUrl: `${NEXT_PUBLIC_WEBAPP_URL()}${formatDocumentsPath(envelope.team?.url)}/${
-        document.id
+        envelope.id
       }`,
       rejectionReason: recipient.rejectionReason || '',
       assetBaseUrl: NEXT_PUBLIC_WEBAPP_URL(),
@@ -138,7 +143,7 @@ export const run = async ({
         address: documentOwner.email,
       },
       from: DOCUMENSO_INTERNAL_EMAIL, // Purposefully using internal email here.
-      subject: i18n._(msg`Document "${document.title}" - Rejected by ${recipient.name}`),
+      subject: i18n._(msg`Document "${envelope.title}" - Rejected by ${recipient.name}`),
       html,
       text,
     });

packages/lib/jobs/definitions/emails/send-signing-email.handler.ts

@@ -4,6 +4,7 @@ import { msg } from '@lingui/core/macro';
 import {
   DocumentSource,
   DocumentStatus,
+  EnvelopeType,
   OrganisationType,
   RecipientRole,
   SendStatus,
@@ -23,6 +24,7 @@ import { getEmailContext } from '../../../server-only/email/get-email-context';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
 import { extractDerivedDocumentEmailSettings } from '../../../types/document-email';
 import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
+import { unsafeBuildEnvelopeIdQuery } from '../../../utils/envelope';
 import { renderCustomEmailTemplate } from '../../../utils/render-custom-email-template';
 import { renderEmailWithI18N } from '../../../utils/render-email-with-i18n';
 import type { JobRunIO } from '../../client/_internal/job';
@@ -37,7 +39,7 @@ export const run = async ({
 }) => {
   const { userId, documentId, recipientId, requestMetadata } = payload;
 
-  const [user, document, recipient] = await Promise.all([
+  const [user, envelope, recipient] = await Promise.all([
     prisma.user.findFirstOrThrow({
       where: {
         id: userId,
@@ -48,9 +50,15 @@ export const run = async ({
         name: true,
       },
     }),
-    prisma.document.findFirstOrThrow({
+    prisma.envelope.findFirstOrThrow({
       where: {
+        ...unsafeBuildEnvelopeIdQuery(
+          {
+            type: 'documentId',
             id: documentId,
+          },
+          EnvelopeType.DOCUMENT,
+        ),
         status: DocumentStatus.PENDING,
       },
       include: {
@@ -70,14 +78,14 @@ export const run = async ({
     }),
   ]);
 
-  const { documentMeta, team } = document;
+  const { documentMeta, team } = envelope;
 
   if (recipient.role === RecipientRole.CC) {
     return;
   }
 
   const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).recipientSigningRequest;
 
   if (!isRecipientSigningRequestEmailEnabled) {
@@ -89,13 +97,13 @@ export const run = async ({
       emailType: 'RECIPIENT',
       source: {
         type: 'team',
-        teamId: document.teamId,
+        teamId: envelope.teamId,
       },
-      meta: document.documentMeta,
+      meta: envelope.documentMeta,
     });
 
-  const customEmail = document?.documentMeta;
+  const customEmail = envelope?.documentMeta;
-  const isDirectTemplate = document.source === DocumentSource.TEMPLATE_DIRECT_LINK;
+  const isDirectTemplate = envelope.source === DocumentSource.TEMPLATE_DIRECT_LINK;
 
   const recipientEmailType = RECIPIENT_ROLE_TO_EMAIL_TYPE[recipient.role];
 
@@ -113,7 +121,7 @@ export const run = async ({
 
   if (selfSigner) {
     emailMessage = i18n._(
-      msg`You have initiated the document ${`"${document.title}"`} that requires you to ${recipientActionVerb} it.`,
+      msg`You have initiated the document ${`"${envelope.title}"`} that requires you to ${recipientActionVerb} it.`,
     );
     emailSubject = i18n._(msg`Please ${recipientActionVerb} your document`);
   }
@@ -136,8 +144,8 @@ export const run = async ({
 
       emailMessage = i18n._(
         settings.includeSenderDetails
-          ? msg`${inviterName} on behalf of "${team.name}" has invited you to ${recipientActionVerb} the document "${document.title}".`
+          ? msg`${inviterName} on behalf of "${team.name}" has invited you to ${recipientActionVerb} the document "${envelope.title}".`
-          : msg`${team.name} has invited you to ${recipientActionVerb} the document "${document.title}".`,
+          : msg`${team.name} has invited you to ${recipientActionVerb} the document "${envelope.title}".`,
       );
     }
   }
@@ -145,14 +153,14 @@ export const run = async ({
   const customEmailTemplate = {
     'signer.name': name,
     'signer.email': email,
-    'document.name': document.title,
+    'document.name': envelope.title,
   };
 
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
   const signDocumentLink = `${NEXT_PUBLIC_WEBAPP_URL()}/sign/${recipient.token}`;
 
   const template = createElement(DocumentInviteEmailTemplate, {
-    documentName: document.title,
+    documentName: envelope.title,
     inviterName: user.name || undefined,
     inviterEmail:
       organisationType === OrganisationType.ORGANISATION
@@ -210,7 +218,7 @@ export const run = async ({
     await prisma.documentAuditLog.create({
       data: createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT,
-        documentId: document.id,
+        envelopeId: envelope.id,
         user,
         requestMetadata,
         data: {

packages/lib/jobs/definitions/internal/bulk-send-template.handler.ts

@@ -99,9 +99,12 @@ export const run = async ({
         }
       }
 
-      const document = await io.runTask(`create-document-${rowIndex}`, async () => {
+      const envelope = await io.runTask(`create-document-${rowIndex}`, async () => {
         return await createDocumentFromTemplate({
-          templateId: template.id,
+          id: {
+            type: 'templateId',
+            id: template.id,
+          },
           userId,
           teamId,
           recipients: recipients.map((recipient, index) => {
@@ -124,7 +127,10 @@ export const run = async ({
       if (sendImmediately) {
         await io.runTask(`send-document-${rowIndex}`, async () => {
           await sendDocument({
-            documentId: document.id,
+            id: {
+              type: 'envelopeId',
+              id: envelope.id,
+            },
             userId,
             teamId,
             requestMetadata: {

packages/lib/jobs/definitions/internal/seal-document.handler.ts

@@ -1,4 +1,10 @@
-import { DocumentStatus, RecipientRole, SigningStatus, WebhookTriggerEvents } from '@prisma/client';
+import {
+  DocumentStatus,
+  EnvelopeType,
+  RecipientRole,
+  SigningStatus,
+  WebhookTriggerEvents,
+} from '@prisma/client';
 import { nanoid } from 'nanoid';
 import path from 'node:path';
 import { PDFDocument } from 'pdf-lib';
@@ -22,7 +28,7 @@ import { triggerWebhook } from '../../../server-only/webhooks/trigger/trigger-we
 import { DOCUMENT_AUDIT_LOG_TYPE } from '../../../types/document-audit-logs';
 import {
   ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
+  mapEnvelopeToWebhookDocumentPayload,
 } from '../../../types/webhook-payload';
 import { prefixedId } from '../../../universal/id';
 import { getFileServerSide } from '../../../universal/upload/get-file.server';
@@ -30,6 +36,7 @@ import { putPdfFileServerSide } from '../../../universal/upload/put-file.server'
 import { fieldsContainUnsignedRequiredField } from '../../../utils/advanced-fields-helpers';
 import { isDocumentCompleted } from '../../../utils/document';
 import { createDocumentAuditLogData } from '../../../utils/document-audit-logs';
+import { mapDocumentIdToSecondaryId } from '../../../utils/envelope';
 import type { JobRunIO } from '../../client/_internal/job';
 import type { TSealDocumentJobDefinition } from './seal-document';
 
@@ -42,24 +49,35 @@ export const run = async ({
 }) => {
   const { documentId, sendEmail = true, isResealing = false, requestMetadata } = payload;
 
-  const document = await prisma.document.findFirstOrThrow({
+  const envelope = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      type: EnvelopeType.DOCUMENT,
+      secondaryId: mapDocumentIdToSecondaryId(documentId),
     },
     include: {
       documentMeta: true,
       recipients: true,
+      envelopeItems: {
+        select: {
+          documentDataId: true,
+        },
+      },
     },
   });
 
+  // Todo: Envelopes
+  if (envelope.envelopeItems.length !== 1) {
+    throw new Error('1 Envelope item required');
+  }
+
   const settings = await getTeamSettings({
-    userId: document.userId,
+    userId: envelope.userId,
-    teamId: document.teamId,
+    teamId: envelope.teamId,
   });
 
   const isComplete =
-    document.recipients.some((recipient) => recipient.signingStatus === SigningStatus.REJECTED) ||
+    envelope.recipients.some((recipient) => recipient.signingStatus === SigningStatus.REJECTED) ||
-    document.recipients.every((recipient) => recipient.signingStatus === SigningStatus.SIGNED);
+    envelope.recipients.every((recipient) => recipient.signingStatus === SigningStatus.SIGNED);
 
   if (!isComplete) {
     throw new AppError(AppErrorCode.UNKNOWN_ERROR, {
@@ -71,13 +89,13 @@ export const run = async ({
   // after it has already run through the update task further below.
   // eslint-disable-next-line @typescript-eslint/require-await
   const documentStatus = await io.runTask('get-document-status', async () => {
-    return document.status;
+    return envelope.status;
   });
 
   // This is the same case as above.
   // eslint-disable-next-line @typescript-eslint/require-await
   const documentDataId = await io.runTask('get-document-data-id', async () => {
-    return document.documentDataId;
+    return envelope.envelopeItems[0].documentDataId;
   });
 
   const documentData = await prisma.documentData.findFirst({
@@ -87,12 +105,12 @@ export const run = async ({
   });
 
   if (!documentData) {
-    throw new Error(`Document ${document.id} has no document data`);
+    throw new Error(`Document ${envelope.id} has no document data`);
   }
 
   const recipients = await prisma.recipient.findMany({
     where: {
-      documentId: document.id,
+      envelopeId: envelope.id,
       role: {
         not: RecipientRole.CC,
       },
@@ -111,7 +129,7 @@ export const run = async ({
 
   const fields = await prisma.field.findMany({
     where: {
-      documentId: document.id,
+      envelopeId: envelope.id,
     },
     include: {
       signature: true,
@@ -120,7 +138,7 @@ export const run = async ({
 
   // Skip the field check if the document is rejected
   if (!isRejected && fieldsContainUnsignedRequiredField(fields)) {
-    throw new Error(`Document ${document.id} has unsigned required fields`);
+    throw new Error(`Document ${envelope.id} has unsigned required fields`);
   }
 
   if (isResealing) {
@@ -129,10 +147,10 @@ export const run = async ({
     documentData.data = documentData.initialData;
   }
 
-  if (!document.qrToken) {
+  if (!envelope.qrToken) {
-    await prisma.document.update({
+    await prisma.envelope.update({
       where: {
-        id: document.id,
+        id: envelope.id,
       },
       data: {
         qrToken: prefixedId('qr'),
@@ -145,7 +163,7 @@ export const run = async ({
   const certificateData = settings.includeSigningCertificate
     ? await getCertificatePdf({
         documentId,
-        language: document.documentMeta?.language,
+        language: envelope.documentMeta?.language,
       }).catch((e) => {
         console.log('Failed to get certificate PDF');
         console.error(e);
@@ -157,7 +175,7 @@ export const run = async ({
   const auditLogData = settings.includeAuditLog
     ? await getAuditLogsPdf({
         documentId,
-        language: document.documentMeta?.language,
+        language: envelope.documentMeta?.language,
       }).catch((e) => {
         console.log('Failed to get audit logs PDF');
         console.error(e);
@@ -204,7 +222,7 @@ export const run = async ({
 
     for (const field of fields) {
       if (field.inserted) {
-        document.useLegacyFieldInsertion
+        envelope.useLegacyFieldInsertion
           ? await legacy_insertFieldInPDF(pdfDoc, field)
           : await insertFieldInPDF(pdfDoc, field);
       }
@@ -217,7 +235,8 @@ export const run = async ({
     const pdfBytes = await pdfDoc.save();
     const pdfBuffer = await signPdf({ pdf: Buffer.from(pdfBytes) });
 
-    const { name } = path.parse(document.title);
+    // Todo: Envelopes - Use the envelope item title instead.
+    const { name } = path.parse(envelope.title);
 
     // Add suffix based on document status
     const suffix = isRejected ? '_rejected.pdf' : '_signed.pdf';
@@ -238,7 +257,7 @@ export const run = async ({
       distinctId: nanoid(),
       event: 'App: Document Sealed',
       properties: {
-        documentId: document.id,
+        documentId: envelope.id,
         isRejected,
       },
     });
@@ -252,9 +271,9 @@ export const run = async ({
         },
       });
 
-      await tx.document.update({
+      await tx.envelope.update({
         where: {
-          id: document.id,
+          id: envelope.id,
         },
         data: {
           status: isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED,
@@ -274,7 +293,7 @@ export const run = async ({
       await tx.documentAuditLog.create({
         data: createDocumentAuditLogData({
           type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
-          documentId: document.id,
+          envelopeId: envelope.id,
           requestMetadata,
           user: null,
           data: {
@@ -289,21 +308,23 @@ export const run = async ({
   await io.runTask('send-completed-email', async () => {
     let shouldSendCompletedEmail = sendEmail && !isResealing && !isRejected;
 
-    if (isResealing && !isDocumentCompleted(document.status)) {
+    if (isResealing && !isDocumentCompleted(envelope.status)) {
       shouldSendCompletedEmail = sendEmail;
     }
 
     if (shouldSendCompletedEmail) {
-      await sendCompletedEmail({ documentId, requestMetadata });
+      await sendCompletedEmail({
+        id: { type: 'envelopeId', id: envelope.id },
+        requestMetadata,
+      });
     }
   });
 
-  const updatedDocument = await prisma.document.findFirstOrThrow({
+  const updatedEnvelope = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: document.id,
+      id: envelope.id,
     },
     include: {
-      documentData: true,
       documentMeta: true,
       recipients: true,
     },
@@ -313,8 +334,8 @@ export const run = async ({
     event: isRejected
       ? WebhookTriggerEvents.DOCUMENT_REJECTED
       : WebhookTriggerEvents.DOCUMENT_COMPLETED,
-    data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(updatedDocument)),
+    data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(updatedEnvelope)),
-    userId: updatedDocument.userId,
+    userId: updatedEnvelope.userId,
-    teamId: updatedDocument.teamId ?? undefined,
+    teamId: updatedEnvelope.teamId ?? undefined,
   });
 };

packages/lib/server-only/admin/admin-find-documents.ts

@@ -1,17 +1,21 @@
-import type { Prisma } from '@prisma/client';
+import { EnvelopeType, type Prisma } from '@prisma/client';
 
 import { prisma } from '@documenso/prisma';
 
 import type { FindResultResponse } from '../../types/search-params';
 
-export interface FindDocumentsOptions {
+export interface AdminFindDocumentsOptions {
   query?: string;
   page?: number;
   perPage?: number;
 }
 
-export const findDocuments = async ({ query, page = 1, perPage = 10 }: FindDocumentsOptions) => {
+export const adminFindDocuments = async ({
-  const termFilters: Prisma.DocumentWhereInput | undefined = !query
+  query,
+  page = 1,
+  perPage = 10,
+}: AdminFindDocumentsOptions) => {
+  const termFilters: Prisma.EnvelopeWhereInput | undefined = !query
     ? undefined
     : {
         title: {
@@ -21,8 +25,9 @@ export const findDocuments = async ({ query, page = 1, perPage = 10 }: FindDocum
       };
 
   const [data, count] = await Promise.all([
-    prisma.document.findMany({
+    prisma.envelope.findMany({
       where: {
+        type: EnvelopeType.DOCUMENT,
         ...termFilters,
       },
       skip: Math.max(page - 1, 0) * perPage,
@@ -39,10 +44,17 @@ export const findDocuments = async ({ query, page = 1, perPage = 10 }: FindDocum
           },
         },
         recipients: true,
+        team: {
+          select: {
+            id: true,
+            url: true,
+          },
+        },
       },
     }),
-    prisma.document.count({
+    prisma.envelope.count({
       where: {
+        type: EnvelopeType.DOCUMENT,
         ...termFilters,
       },
     }),

packages/lib/server-only/admin/admin-super-delete-document.ts

@@ -17,15 +17,18 @@ import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
 import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 import { getEmailContext } from '../email/get-email-context';
 
-export type SuperDeleteDocumentOptions = {
+export type AdminSuperDeleteDocumentOptions = {
-  id: number;
+  envelopeId: string;
   requestMetadata?: RequestMetadata;
 };
 
-export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDocumentOptions) => {
+export const adminSuperDeleteDocument = async ({
-  const document = await prisma.document.findUnique({
+  envelopeId,
+  requestMetadata,
+}: AdminSuperDeleteDocumentOptions) => {
+  const envelope = await prisma.envelope.findUnique({
     where: {
-      id,
+      id: envelopeId,
     },
     include: {
       recipients: true,
@@ -40,7 +43,7 @@ export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDo
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document not found',
     });
@@ -50,38 +53,38 @@ export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDo
     emailType: 'RECIPIENT',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
-  const { status, user } = document;
+  const { status, user } = envelope;
 
   const isDocumentDeletedEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).documentDeleted;
 
   // if the document is pending, send cancellation emails to all recipients
   if (
     status === DocumentStatus.PENDING &&
-    document.recipients.length > 0 &&
+    envelope.recipients.length > 0 &&
     isDocumentDeletedEmailEnabled
   ) {
     await Promise.all(
-      document.recipients.map(async (recipient) => {
+      envelope.recipients.map(async (recipient) => {
         if (recipient.sendStatus !== SendStatus.SENT) {
           return;
         }
 
         const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
         const template = createElement(DocumentCancelTemplate, {
-          documentName: document.title,
+          documentName: envelope.title,
           inviterName: user.name || undefined,
           inviterEmail: user.email,
           assetBaseUrl,
         });
 
-        const lang = document.documentMeta?.language ?? settings.documentLanguage;
+        const lang = envelope.documentMeta?.language ?? settings.documentLanguage;
 
         const [html, text] = await Promise.all([
           renderEmailWithI18N(template, { lang, branding }),
@@ -113,7 +116,7 @@ export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDo
   return await prisma.$transaction(async (tx) => {
     await tx.documentAuditLog.create({
       data: createDocumentAuditLogData({
-        documentId: id,
+        envelopeId,
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_DELETED,
         user,
         requestMetadata,
@@ -123,6 +126,6 @@ export const superDeleteDocument = async ({ id, requestMetadata }: SuperDeleteDo
       }),
     });
 
-    return await tx.document.delete({ where: { id } });
+    return await tx.envelope.delete({ where: { id: envelopeId } });
   });
 };

packages/lib/server-only/admin/get-documents-stats.ts

@@ -1,8 +1,13 @@
+import { EnvelopeType } from '@prisma/client';
+
 import { prisma } from '@documenso/prisma';
 import { ExtendedDocumentStatus } from '@documenso/prisma/types/extended-document-status';
 
 export const getDocumentStats = async () => {
-  const counts = await prisma.document.groupBy({
+  const counts = await prisma.envelope.groupBy({
+    where: {
+      type: EnvelopeType.DOCUMENT,
+    },
     by: ['status'],
     _count: {
       _all: true,

packages/lib/server-only/admin/get-entire-document.ts

@@ -1,14 +1,22 @@
+import type { EnvelopeType } from '@prisma/client';
+
 import { prisma } from '@documenso/prisma';
 
-export type GetEntireDocumentOptions = {
+import { AppError, AppErrorCode } from '../../errors/app-error';
-  id: number;
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
+
+export type unsafeGetEntireEnvelopeOptions = {
+  id: EnvelopeIdOptions;
+  type: EnvelopeType;
 };
 
-export const getEntireDocument = async ({ id }: GetEntireDocumentOptions) => {
+/**
-  const document = await prisma.document.findFirstOrThrow({
+ * An unauthenticated function that returns the whole envelope
-    where: {
+ */
-      id,
+export const unsafeGetEntireEnvelope = async ({ id, type }: unsafeGetEntireEnvelopeOptions) => {
-    },
+  const envelope = await prisma.envelope.findFirst({
+    where: unsafeBuildEnvelopeIdQuery(id, type),
     include: {
       documentMeta: true,
       user: {
@@ -30,5 +38,11 @@ export const getEntireDocument = async ({ id }: GetEntireDocumentOptions) => {
     },
   });
 
-  return document;
+  if (!envelope) {
+    throw new AppError(AppErrorCode.NOT_FOUND, {
+      message: 'Envelope not found',
+    });
+  }
+
+  return envelope;
 };

packages/lib/server-only/admin/get-signing-volume.ts

@@ -1,4 +1,4 @@
-import { DocumentStatus, SubscriptionStatus } from '@prisma/client';
+import { DocumentStatus, EnvelopeType, SubscriptionStatus } from '@prisma/client';
 
 import { kyselyPrisma, sql } from '@documenso/prisma';
 
@@ -31,22 +31,23 @@ export async function getSigningVolume({
     .selectFrom('Subscription as s')
     .innerJoin('Organisation as o', 's.organisationId', 'o.id')
     .leftJoin('Team as t', 'o.id', 't.organisationId')
-    .leftJoin('Document as d', (join) =>
+    .leftJoin('Envelope as e', (join) =>
       join
-        .onRef('t.id', '=', 'd.teamId')
+        .onRef('t.id', '=', 'e.teamId')
-        .on('d.status', '=', sql.lit(DocumentStatus.COMPLETED))
+        .on('e.status', '=', sql.lit(DocumentStatus.COMPLETED))
-        .on('d.deletedAt', 'is', null),
+        .on('e.deletedAt', 'is', null),
     )
     .where(sql`s.status = ${SubscriptionStatus.ACTIVE}::"SubscriptionStatus"`)
     .where((eb) =>
       eb.or([eb('o.name', 'ilike', `%${search}%`), eb('t.name', 'ilike', `%${search}%`)]),
     )
+    .where('e.type', '=', EnvelopeType.DOCUMENT)
     .select([
       's.id as id',
       's.createdAt as createdAt',
       's.planId as planId',
       sql<string>`COALESCE(o.name, 'Unknown')`.as('name'),
-      sql<number>`COUNT(DISTINCT d.id)`.as('signingVolume'),
+      sql<number>`COUNT(DISTINCT e.id)`.as('signingVolume'),
     ])
     .groupBy(['s.id', 'o.name']);
 

packages/lib/server-only/document-meta/upsert-document-meta.ts

@@ -1,4 +1,8 @@
-import type { DocumentDistributionMethod, DocumentSigningOrder } from '@prisma/client';
+import {
+  type DocumentDistributionMethod,
+  type DocumentSigningOrder,
+  EnvelopeType,
+} from '@prisma/client';
 
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
@@ -11,16 +15,16 @@ import { prisma } from '@documenso/prisma';
 import type { SupportedLanguageCodes } from '../../constants/i18n';
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { TDocumentEmailSettings } from '../../types/document-email';
-import { getDocumentWhereInput } from '../document/get-document-by-id';
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
 
 export type CreateDocumentMetaOptions = {
   userId: number;
   teamId: number;
-  documentId: number;
+  id: EnvelopeIdOptions;
   subject?: string;
   message?: string;
   timezone?: string;
-  password?: string;
   dateFormat?: string;
   redirectUrl?: string;
   emailId?: string | null;
@@ -36,15 +40,14 @@ export type CreateDocumentMetaOptions = {
   requestMetadata: ApiRequestMetadata;
 };
 
-export const upsertDocumentMeta = async ({
+export const updateDocumentMeta = async ({
+  id,
   userId,
   teamId,
   subject,
   message,
   timezone,
   dateFormat,
-  documentId,
-  password,
   redirectUrl,
   signingOrder,
   allowDictateNextSigner,
@@ -58,26 +61,27 @@ export const upsertDocumentMeta = async ({
   language,
   requestMetadata,
 }: CreateDocumentMetaOptions) => {
-  const { documentWhereInput, team } = await getDocumentWhereInput({
+  const { envelopeWhereInput, team } = await getEnvelopeWhereInput({
-    documentId,
+    id,
+    type: null, // Allow updating both documents and templates meta.
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findFirst({
-    where: documentWhereInput,
+    where: envelopeWhereInput,
     include: {
       documentMeta: true,
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document not found',
     });
   }
 
-  const { documentMeta: originalDocumentMeta } = document;
+  const { documentMeta: originalDocumentMeta } = envelope;
 
   // Validate the emailId belongs to the organisation.
   if (emailId) {
@@ -96,33 +100,13 @@ export const upsertDocumentMeta = async ({
   }
 
   return await prisma.$transaction(async (tx) => {
-    const upsertedDocumentMeta = await tx.documentMeta.upsert({
+    const upsertedDocumentMeta = await tx.documentMeta.update({
       where: {
-        documentId,
+        id: envelope.documentMetaId,
       },
-      create: {
+      data: {
         subject,
         message,
-        password,
-        dateFormat,
-        timezone,
-        documentId,
-        redirectUrl,
-        signingOrder,
-        allowDictateNextSigner,
-        emailId,
-        emailReplyTo,
-        emailSettings,
-        distributionMethod,
-        typedSignatureEnabled,
-        uploadSignatureEnabled,
-        drawSignatureEnabled,
-        language,
-      },
-      update: {
-        subject,
-        message,
-        password,
         dateFormat,
         timezone,
         redirectUrl,
@@ -141,11 +125,12 @@ export const upsertDocumentMeta = async ({
 
     const changes = diffDocumentMetaChanges(originalDocumentMeta ?? {}, upsertedDocumentMeta);
 
-    if (changes.length > 0) {
+    // Create audit logs only for document type envelopes.
+    if (changes.length > 0 && envelope.type === EnvelopeType.DOCUMENT) {
       await tx.documentAuditLog.create({
         data: createDocumentAuditLogData({
           type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_META_UPDATED,
-          documentId,
+          envelopeId: envelope.id,
           metadata: requestMetadata,
           data: {
             changes: diffDocumentMetaChanges(originalDocumentMeta ?? {}, upsertedDocumentMeta),

packages/lib/server-only/document/complete-document-with-token.ts

@@ -1,6 +1,7 @@
 import {
   DocumentSigningOrder,
   DocumentStatus,
+  EnvelopeType,
   RecipientRole,
   SendStatus,
   SigningStatus,
@@ -22,9 +23,11 @@ import type { TRecipientAccessAuth, TRecipientActionAuth } from '../../types/doc
 import { DocumentAuth } from '../../types/document-auth';
 import {
   ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
+  mapEnvelopeToWebhookDocumentPayload,
 } from '../../types/webhook-payload';
 import { extractDocumentAuthMethods } from '../../utils/document-auth';
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { mapSecondaryIdToDocumentId, unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
 import { getIsRecipientsTurnToSign } from '../recipient/get-is-recipient-turn';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 import { isRecipientAuthorized } from './is-recipient-authorized';
@@ -32,7 +35,7 @@ import { sendPendingEmail } from './send-pending-email';
 
 export type CompleteDocumentWithTokenOptions = {
   token: string;
-  documentId: number;
+  id: EnvelopeIdOptions;
   userId?: number;
   authOptions?: TRecipientActionAuth;
   accessAuthOptions?: TRecipientAccessAuth;
@@ -43,10 +46,17 @@ export type CompleteDocumentWithTokenOptions = {
   };
 };
 
-const getDocument = async ({ token, documentId }: CompleteDocumentWithTokenOptions) => {
+export const completeDocumentWithToken = async ({
-  return await prisma.document.findFirstOrThrow({
+  token,
+  id,
+  userId,
+  accessAuthOptions,
+  requestMetadata,
+  nextSigner,
+}: CompleteDocumentWithTokenOptions) => {
+  const envelope = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: documentId,
+      ...unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
       recipients: {
         some: {
           token,
@@ -62,27 +72,18 @@ const getDocument = async ({ token, documentId }: CompleteDocumentWithTokenOptio
       },
     },
   });
-};
 
-export const completeDocumentWithToken = async ({
+  const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
-  token,
-  documentId,
-  userId,
-  accessAuthOptions,
-  requestMetadata,
-  nextSigner,
-}: CompleteDocumentWithTokenOptions) => {
-  const document = await getDocument({ token, documentId });
 
-  if (document.status !== DocumentStatus.PENDING) {
+  if (envelope.status !== DocumentStatus.PENDING) {
-    throw new Error(`Document ${document.id} must be pending`);
+    throw new Error(`Document ${envelope.id} must be pending`);
   }
 
-  if (document.recipients.length === 0) {
+  if (envelope.recipients.length === 0) {
-    throw new Error(`Document ${document.id} has no recipient with token ${token}`);
+    throw new Error(`Document ${envelope.id} has no recipient with token ${token}`);
   }
 
-  const [recipient] = document.recipients;
+  const [recipient] = envelope.recipients;
 
   if (recipient.signingStatus === SigningStatus.SIGNED) {
     throw new Error(`Recipient ${recipient.id} has already signed`);
@@ -95,7 +96,7 @@ export const completeDocumentWithToken = async ({
     });
   }
 
-  if (document.documentMeta?.signingOrder === DocumentSigningOrder.SEQUENTIAL) {
+  if (envelope.documentMeta?.signingOrder === DocumentSigningOrder.SEQUENTIAL) {
     const isRecipientsTurn = await getIsRecipientsTurnToSign({ token: recipient.token });
 
     if (!isRecipientsTurn) {
@@ -107,7 +108,7 @@ export const completeDocumentWithToken = async ({
 
   const fields = await prisma.field.findMany({
     where: {
-      documentId: document.id,
+      envelopeId: envelope.id, // Todo: Envelopes - Need to support multi docs.
       recipientId: recipient.id,
     },
   });
@@ -118,7 +119,7 @@ export const completeDocumentWithToken = async ({
 
   // Check ACCESS AUTH 2FA validation during document completion
   const { derivedRecipientAccessAuth } = extractDocumentAuthMethods({
-    documentAuth: document.authOptions,
+    documentAuth: envelope.authOptions,
     recipientAuth: recipient.authOptions,
   });
 
@@ -131,7 +132,7 @@ export const completeDocumentWithToken = async ({
 
     const isValid = await isRecipientAuthorized({
       type: 'ACCESS_2FA',
-      documentAuthOptions: document.authOptions,
+      documentAuthOptions: envelope.authOptions,
       recipient: recipient,
       userId, // Can be undefined for non-account recipients
       authOptions: accessAuthOptions,
@@ -141,7 +142,7 @@ export const completeDocumentWithToken = async ({
       await prisma.documentAuditLog.create({
         data: createDocumentAuditLogData({
           type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_FAILED,
-          documentId: document.id,
+          envelopeId: envelope.id,
           data: {
             recipientId: recipient.id,
             recipientName: recipient.name,
@@ -158,7 +159,7 @@ export const completeDocumentWithToken = async ({
     await prisma.documentAuditLog.create({
       data: createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_ACCESS_AUTH_2FA_VALIDATED,
-        documentId: document.id,
+        envelopeId: envelope.id,
         data: {
           recipientId: recipient.id,
           recipientName: recipient.name,
@@ -180,14 +181,14 @@ export const completeDocumentWithToken = async ({
     });
 
     const authOptions = extractDocumentAuthMethods({
-      documentAuth: document.authOptions,
+      documentAuth: envelope.authOptions,
       recipientAuth: recipient.authOptions,
     });
 
     await tx.documentAuditLog.create({
       data: createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_COMPLETED,
-        documentId: document.id,
+        envelopeId: envelope.id,
         user: {
           name: recipient.name,
           email: recipient.email,
@@ -207,7 +208,7 @@ export const completeDocumentWithToken = async ({
   await jobs.triggerJob({
     name: 'send.recipient.signed.email',
     payload: {
-      documentId: document.id,
+      documentId: legacyDocumentId,
       recipientId: recipient.id,
     },
   });
@@ -221,7 +222,7 @@ export const completeDocumentWithToken = async ({
       role: true,
     },
     where: {
-      documentId: document.id,
+      envelopeId: envelope.id,
       signingStatus: {
         not: SigningStatus.SIGNED,
       },
@@ -235,17 +236,17 @@ export const completeDocumentWithToken = async ({
   });
 
   if (pendingRecipients.length > 0) {
-    await sendPendingEmail({ documentId, recipientId: recipient.id });
+    await sendPendingEmail({ id, recipientId: recipient.id });
 
-    if (document.documentMeta?.signingOrder === DocumentSigningOrder.SEQUENTIAL) {
+    if (envelope.documentMeta?.signingOrder === DocumentSigningOrder.SEQUENTIAL) {
       const [nextRecipient] = pendingRecipients;
 
       await prisma.$transaction(async (tx) => {
-        if (nextSigner && document.documentMeta?.allowDictateNextSigner) {
+        if (nextSigner && envelope.documentMeta?.allowDictateNextSigner) {
           await tx.documentAuditLog.create({
             data: createDocumentAuditLogData({
               type: DOCUMENT_AUDIT_LOG_TYPE.RECIPIENT_UPDATED,
-              documentId: document.id,
+              envelopeId: envelope.id,
               user: {
                 name: recipient.name,
                 email: recipient.email,
@@ -277,7 +278,7 @@ export const completeDocumentWithToken = async ({
           where: { id: nextRecipient.id },
           data: {
             sendStatus: SendStatus.SENT,
-            ...(nextSigner && document.documentMeta?.allowDictateNextSigner
+            ...(nextSigner && envelope.documentMeta?.allowDictateNextSigner
               ? {
                   name: nextSigner.name,
                   email: nextSigner.email,
@@ -289,8 +290,8 @@ export const completeDocumentWithToken = async ({
         await jobs.triggerJob({
           name: 'send.signing.requested.email',
           payload: {
-            userId: document.userId,
+            userId: envelope.userId,
-            documentId: document.id,
+            documentId: legacyDocumentId,
             recipientId: nextRecipient.id,
             requestMetadata,
           },
@@ -299,9 +300,9 @@ export const completeDocumentWithToken = async ({
     }
   }
 
-  const haveAllRecipientsSigned = await prisma.document.findFirst({
+  const haveAllRecipientsSigned = await prisma.envelope.findFirst({
     where: {
-      id: document.id,
+      id: envelope.id,
       recipients: {
         every: {
           OR: [{ signingStatus: SigningStatus.SIGNED }, { role: RecipientRole.CC }],
@@ -314,15 +315,16 @@ export const completeDocumentWithToken = async ({
     await jobs.triggerJob({
       name: 'internal.seal-document',
       payload: {
-        documentId: document.id,
+        documentId: legacyDocumentId,
         requestMetadata,
       },
     });
   }
 
-  const updatedDocument = await prisma.document.findFirstOrThrow({
+  const updatedDocument = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: document.id,
+      id: envelope.id,
+      type: EnvelopeType.DOCUMENT,
     },
     include: {
       documentMeta: true,
@@ -332,7 +334,7 @@ export const completeDocumentWithToken = async ({
 
   await triggerWebhook({
     event: WebhookTriggerEvents.DOCUMENT_SIGNED,
-    data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(updatedDocument)),
+    data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(updatedDocument)),
     userId: updatedDocument.userId,
     teamId: updatedDocument.teamId ?? undefined,
   });

packages/lib/server-only/document/create-document.ts

@@ -1,171 +0,0 @@
-import { DocumentSource, WebhookTriggerEvents } from '@prisma/client';
-import type { DocumentVisibility } from '@prisma/client';
-
-import { normalizePdf as makeNormalizedPdf } from '@documenso/lib/server-only/pdf/normalize-pdf';
-import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
-import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
-import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
-import { prisma } from '@documenso/prisma';
-
-import { AppError, AppErrorCode } from '../../errors/app-error';
-import {
-  ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
-} from '../../types/webhook-payload';
-import { prefixedId } from '../../universal/id';
-import { getFileServerSide } from '../../universal/upload/get-file.server';
-import { putPdfFileServerSide } from '../../universal/upload/put-file.server';
-import { extractDerivedDocumentMeta } from '../../utils/document';
-import { determineDocumentVisibility } from '../../utils/document-visibility';
-import { buildTeamWhereQuery } from '../../utils/teams';
-import { getTeamById } from '../team/get-team';
-import { getTeamSettings } from '../team/get-team-settings';
-import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
-
-export type CreateDocumentOptions = {
-  title: string;
-  externalId?: string | null;
-  userId: number;
-  teamId: number;
-  documentDataId: string;
-  formValues?: Record<string, string | number | boolean>;
-  normalizePdf?: boolean;
-  timezone?: string;
-  userTimezone?: string;
-  requestMetadata: ApiRequestMetadata;
-  folderId?: string;
-};
-
-export const createDocument = async ({
-  userId,
-  title,
-  externalId,
-  documentDataId,
-  teamId,
-  normalizePdf,
-  formValues,
-  requestMetadata,
-  timezone,
-  userTimezone,
-  folderId,
-}: CreateDocumentOptions) => {
-  const team = await getTeamById({ userId, teamId });
-
-  const settings = await getTeamSettings({
-    userId,
-    teamId,
-  });
-
-  let folderVisibility: DocumentVisibility | undefined;
-
-  if (folderId) {
-    const folder = await prisma.folder.findFirst({
-      where: {
-        id: folderId,
-        team: buildTeamWhereQuery({
-          teamId,
-          userId,
-        }),
-      },
-      select: {
-        visibility: true,
-      },
-    });
-
-    if (!folder) {
-      throw new AppError(AppErrorCode.NOT_FOUND, {
-        message: 'Folder not found',
-      });
-    }
-
-    folderVisibility = folder.visibility;
-  }
-
-  if (normalizePdf) {
-    const documentData = await prisma.documentData.findFirst({
-      where: {
-        id: documentDataId,
-      },
-    });
-
-    if (documentData) {
-      const buffer = await getFileServerSide(documentData);
-
-      const normalizedPdf = await makeNormalizedPdf(Buffer.from(buffer));
-
-      const newDocumentData = await putPdfFileServerSide({
-        name: title.endsWith('.pdf') ? title : `${title}.pdf`,
-        type: 'application/pdf',
-        arrayBuffer: async () => Promise.resolve(normalizedPdf),
-      });
-
-      // eslint-disable-next-line require-atomic-updates
-      documentDataId = newDocumentData.id;
-    }
-  }
-
-  // userTimezone is last because it's always passed in regardless of the organisation/team settings
-  // for uploads from the frontend
-  const timezoneToUse = timezone || settings.documentTimezone || userTimezone;
-
-  return await prisma.$transaction(async (tx) => {
-    const document = await tx.document.create({
-      data: {
-        title,
-        qrToken: prefixedId('qr'),
-        externalId,
-        documentDataId,
-        userId,
-        teamId,
-        folderId,
-        visibility:
-          folderVisibility ??
-          determineDocumentVisibility(settings.documentVisibility, team.currentTeamRole),
-        formValues,
-        source: DocumentSource.DOCUMENT,
-        documentMeta: {
-          create: extractDerivedDocumentMeta(settings, {
-            timezone: timezoneToUse,
-          }),
-        },
-      },
-    });
-
-    await tx.documentAuditLog.create({
-      data: createDocumentAuditLogData({
-        type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_CREATED,
-        documentId: document.id,
-        metadata: requestMetadata,
-        data: {
-          title,
-          source: {
-            type: DocumentSource.DOCUMENT,
-          },
-        },
-      }),
-    });
-
-    const createdDocument = await tx.document.findFirst({
-      where: {
-        id: document.id,
-      },
-      include: {
-        documentMeta: true,
-        recipients: true,
-      },
-    });
-
-    if (!createdDocument) {
-      throw new Error('Document not found');
-    }
-
-    await triggerWebhook({
-      event: WebhookTriggerEvents.DOCUMENT_CREATED,
-      data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(createdDocument)),
-      userId,
-      teamId,
-    });
-
-    return createdDocument;
-  });
-};

packages/lib/server-only/document/delete-document.ts

@@ -1,8 +1,8 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
-import type { Document, DocumentMeta, Recipient, User } from '@prisma/client';
+import type { DocumentMeta, Envelope, Recipient, User } from '@prisma/client';
-import { DocumentStatus, SendStatus, WebhookTriggerEvents } from '@prisma/client';
+import { DocumentStatus, EnvelopeType, SendStatus, WebhookTriggerEvents } from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import DocumentCancelTemplate from '@documenso/email/templates/document-cancel';
@@ -15,11 +15,12 @@ import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
 import { extractDerivedDocumentEmailSettings } from '../../types/document-email';
 import {
   ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
+  mapEnvelopeToWebhookDocumentPayload,
 } from '../../types/webhook-payload';
 import type { ApiRequestMetadata } from '../../universal/extract-request-metadata';
 import { isDocumentCompleted } from '../../utils/document';
 import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+import { unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
 import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 import { getEmailContext } from '../email/get-email-context';
 import { getMemberRoles } from '../team/get-member-roles';
@@ -50,24 +51,23 @@ export const deleteDocument = async ({
     });
   }
 
-  const document = await prisma.document.findUnique({
+  // Note: This is an unsafe request, we validate the ownership later in the function.
-    where: {
+  const envelope = await prisma.envelope.findUnique({
-      id,
+    where: unsafeBuildEnvelopeIdQuery({ type: 'documentId', id }, EnvelopeType.DOCUMENT),
-    },
     include: {
       recipients: true,
       documentMeta: true,
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document not found',
     });
   }
 
   const isUserTeamMember = await getMemberRoles({
-    teamId: document.teamId,
+    teamId: envelope.teamId,
     reference: {
       type: 'User',
       id: userId,
@@ -76,8 +76,8 @@ export const deleteDocument = async ({
     .then(() => true)
     .catch(() => false);
 
-  const isUserOwner = document.userId === userId;
+  const isUserOwner = envelope.userId === userId;
-  const userRecipient = document.recipients.find((recipient) => recipient.email === user.email);
+  const userRecipient = envelope.recipients.find((recipient) => recipient.email === user.email);
 
   if (!isUserOwner && !isUserTeamMember && !userRecipient) {
     throw new AppError(AppErrorCode.UNAUTHORIZED, {
@@ -88,7 +88,7 @@ export const deleteDocument = async ({
   // Handle hard or soft deleting the actual document if user has permission.
   if (isUserOwner || isUserTeamMember) {
     await handleDocumentOwnerDelete({
-      document,
+      envelope,
       user,
       requestMetadata,
     });
@@ -113,27 +113,16 @@ export const deleteDocument = async ({
 
   await triggerWebhook({
     event: WebhookTriggerEvents.DOCUMENT_CANCELLED,
-    data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(document)),
+    data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(envelope)),
     userId,
     teamId,
   });
 
-  // Return partial document for API v1 response.
+  return envelope;
-  return {
-    id: document.id,
-    userId: document.userId,
-    teamId: document.teamId,
-    title: document.title,
-    status: document.status,
-    documentDataId: document.documentDataId,
-    createdAt: document.createdAt,
-    updatedAt: document.updatedAt,
-    completedAt: document.completedAt,
-  };
 };
 
 type HandleDocumentOwnerDeleteOptions = {
-  document: Document & {
+  envelope: Envelope & {
     recipients: Recipient[];
     documentMeta: DocumentMeta | null;
   };
@@ -142,11 +131,11 @@ type HandleDocumentOwnerDeleteOptions = {
 };
 
 const handleDocumentOwnerDelete = async ({
-  document,
+  envelope,
   user,
   requestMetadata,
 }: HandleDocumentOwnerDeleteOptions) => {
-  if (document.deletedAt) {
+  if (envelope.deletedAt) {
     return;
   }
 
@@ -154,17 +143,17 @@ const handleDocumentOwnerDelete = async ({
     emailType: 'RECIPIENT',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
   // Soft delete completed documents.
-  if (isDocumentCompleted(document.status)) {
+  if (isDocumentCompleted(envelope.status)) {
     return await prisma.$transaction(async (tx) => {
       await tx.documentAuditLog.create({
         data: createDocumentAuditLogData({
-          documentId: document.id,
+          envelopeId: envelope.id,
           type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_DELETED,
           metadata: requestMetadata,
           data: {
@@ -173,9 +162,9 @@ const handleDocumentOwnerDelete = async ({
         }),
       });
 
-      return await tx.document.update({
+      return await tx.envelope.update({
         where: {
-          id: document.id,
+          id: envelope.id,
         },
         data: {
           deletedAt: new Date().toISOString(),
@@ -185,12 +174,12 @@ const handleDocumentOwnerDelete = async ({
   }
 
   // Hard delete draft and pending documents.
-  const deletedDocument = await prisma.$transaction(async (tx) => {
+  const deletedEnvelope = await prisma.$transaction(async (tx) => {
     // Currently redundant since deleting a document will delete the audit logs.
     // However may be useful if we disassociate audit logs and documents if required.
     await tx.documentAuditLog.create({
       data: createDocumentAuditLogData({
-        documentId: document.id,
+        envelopeId: envelope.id,
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_DELETED,
         metadata: requestMetadata,
         data: {
@@ -199,9 +188,9 @@ const handleDocumentOwnerDelete = async ({
       }),
     });
 
-    return await tx.document.delete({
+    return await tx.envelope.delete({
       where: {
-        id: document.id,
+        id: envelope.id,
         status: {
           not: DocumentStatus.COMPLETED,
         },
@@ -209,17 +198,17 @@ const handleDocumentOwnerDelete = async ({
     });
   });
 
-  const isDocumentDeleteEmailEnabled = extractDerivedDocumentEmailSettings(
+  const isEnvelopeDeleteEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).documentDeleted;
 
-  if (!isDocumentDeleteEmailEnabled) {
+  if (!isEnvelopeDeleteEmailEnabled) {
-    return deletedDocument;
+    return deletedEnvelope;
   }
 
   // Send cancellation emails to recipients.
   await Promise.all(
-    document.recipients.map(async (recipient) => {
+    envelope.recipients.map(async (recipient) => {
       if (recipient.sendStatus !== SendStatus.SENT) {
         return;
       }
@@ -227,7 +216,7 @@ const handleDocumentOwnerDelete = async ({
       const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
 
       const template = createElement(DocumentCancelTemplate, {
-        documentName: document.title,
+        documentName: envelope.title,
         inviterName: user.name || undefined,
         inviterEmail: user.email,
         assetBaseUrl,
@@ -258,5 +247,5 @@ const handleDocumentOwnerDelete = async ({
     }),
   );
 
-  return deletedDocument;
+  return deletedEnvelope;
 };

packages/lib/server-only/document/duplicate-document-by-id.ts

@@ -1,5 +1,5 @@
-import type { Prisma, Recipient } from '@prisma/client';
+import type { Recipient } from '@prisma/client';
-import { DocumentSource, WebhookTriggerEvents } from '@prisma/client';
+import { DocumentSource, EnvelopeType, WebhookTriggerEvents } from '@prisma/client';
 import { omit } from 'remeda';
 
 import { prisma } from '@documenso/prisma';
@@ -7,34 +7,35 @@ import { prisma } from '@documenso/prisma';
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import {
   ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
+  mapEnvelopeToWebhookDocumentPayload,
 } from '../../types/webhook-payload';
 import { nanoid, prefixedId } from '../../universal/id';
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
+import { incrementDocumentId } from '../envelope/increment-id';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
-import { getDocumentWhereInput } from './get-document-by-id';
 
 export interface DuplicateDocumentOptions {
-  documentId: number;
+  id: EnvelopeIdOptions;
   userId: number;
   teamId: number;
 }
 
-export const duplicateDocument = async ({
+export const duplicateDocument = async ({ id, userId, teamId }: DuplicateDocumentOptions) => {
-  documentId,
+  const { envelopeWhereInput } = await getEnvelopeWhereInput({
-  userId,
+    id,
-  teamId,
+    type: EnvelopeType.DOCUMENT,
-}: DuplicateDocumentOptions) => {
-  const { documentWhereInput } = await getDocumentWhereInput({
-    documentId,
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findFirst({
-    where: documentWhereInput,
+    where: envelopeWhereInput,
     select: {
       title: true,
       userId: true,
+      envelopeItems: {
+        include: {
           documentData: {
             select: {
               data: true,
@@ -42,6 +43,8 @@ export const duplicateDocument = async ({
               type: true,
             },
           },
+        },
+      },
       authOptions: true,
       visibility: true,
       documentMeta: true,
@@ -54,44 +57,36 @@ export const duplicateDocument = async ({
           fields: true,
         },
       },
+      teamId: true,
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document not found',
     });
   }
 
-  const documentData = await prisma.documentData.create({
+  const { documentId, formattedDocumentId } = await incrementDocumentId();
+
+  const createdDocumentMeta = await prisma.documentMeta.create({
     data: {
-      type: document.documentData.type,
+      ...omit(envelope.documentMeta, ['id']),
-      data: document.documentData.initialData,
+      emailSettings: envelope.documentMeta.emailSettings || undefined,
-      initialData: document.documentData.initialData,
     },
   });
 
-  let documentMeta: Prisma.DocumentCreateArgs['data']['documentMeta'] | undefined = undefined;
+  const duplicatedEnvelope = await prisma.envelope.create({
-
-  if (document.documentMeta) {
-    documentMeta = {
-      create: {
-        ...omit(document.documentMeta, ['id', 'documentId']),
-        emailSettings: document.documentMeta.emailSettings || undefined,
-      },
-    };
-  }
-
-  const createdDocument = await prisma.document.create({
     data: {
-      userId: document.userId,
+      id: prefixedId('envelope'),
-      teamId: teamId,
+      secondaryId: formattedDocumentId,
-      title: document.title,
+      type: EnvelopeType.DOCUMENT,
-      documentDataId: documentData.id,
+      userId,
-      authOptions: document.authOptions || undefined,
+      teamId,
-      visibility: document.visibility,
+      title: envelope.title,
-      qrToken: prefixedId('qr'),
+      documentMetaId: createdDocumentMeta.id,
-      documentMeta,
+      authOptions: envelope.authOptions || undefined,
+      visibility: envelope.visibility,
       source: DocumentSource.DOCUMENT,
     },
     include: {
@@ -100,8 +95,40 @@ export const duplicateDocument = async ({
     },
   });
 
-  const recipientsToCreate = document.recipients.map((recipient) => ({
+  // Key = original envelope item ID
-    documentId: createdDocument.id,
+  // Value = duplicated envelope item ID.
+  const oldEnvelopeItemToNewEnvelopeItemIdMap: Record<string, string> = {};
+
+  // Duplicate the envelope items.
+  await Promise.all(
+    envelope.envelopeItems.map(async (envelopeItem) => {
+      const duplicatedDocumentData = await prisma.documentData.create({
+        data: {
+          type: envelopeItem.documentData.type,
+          data: envelopeItem.documentData.initialData,
+          initialData: envelopeItem.documentData.initialData,
+        },
+      });
+
+      const duplicatedEnvelopeItem = await prisma.envelopeItem.create({
+        data: {
+          id: prefixedId('envelope_item'),
+          title: envelopeItem.title,
+          envelopeId: duplicatedEnvelope.id,
+          documentDataId: duplicatedDocumentData.id,
+        },
+      });
+
+      oldEnvelopeItemToNewEnvelopeItemIdMap[envelopeItem.id] = duplicatedEnvelopeItem.id;
+    }),
+  );
+
+  const recipients: Recipient[] = [];
+
+  for (const recipient of envelope.recipients) {
+    const duplicatedRecipient = await prisma.recipient.create({
+      data: {
+        envelopeId: duplicatedEnvelope.id,
         email: recipient.email,
         name: recipient.name,
         role: recipient.role,
@@ -110,7 +137,8 @@ export const duplicateDocument = async ({
         fields: {
           createMany: {
             data: recipient.fields.map((field) => ({
-          documentId: createdDocument.id,
+              envelopeId: duplicatedEnvelope.id,
+              envelopeItemId: oldEnvelopeItemToNewEnvelopeItemIdMap[field.envelopeItemId],
               type: field.type,
               page: field.page,
               positionX: field.positionX,
@@ -123,30 +151,30 @@ export const duplicateDocument = async ({
             })),
           },
         },
-  }));
+      },
-
-  const recipients: Recipient[] = [];
-
-  for (const recipientData of recipientsToCreate) {
-    const newRecipient = await prisma.recipient.create({
-      data: recipientData,
     });
 
-    recipients.push(newRecipient);
+    recipients.push(duplicatedRecipient);
   }
 
+  const refetchedEnvelope = await prisma.envelope.findFirstOrThrow({
+    where: {
+      id: duplicatedEnvelope.id,
+    },
+    include: {
+      documentMeta: true,
+      recipients: true,
+    },
+  });
+
   await triggerWebhook({
     event: WebhookTriggerEvents.DOCUMENT_CREATED,
-    data: ZWebhookDocumentSchema.parse({
+    data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(refetchedEnvelope)),
-      ...mapDocumentToWebhookDocumentPayload(createdDocument),
-      recipients,
-      documentMeta: createdDocument.documentMeta,
-    }),
     userId: userId,
     teamId: teamId,
   });
 
   return {
-    documentId: createdDocument.id,
+    documentId,
   };
 };

packages/lib/server-only/document/find-document-audit-logs.ts

@@ -1,4 +1,4 @@
-import type { DocumentAuditLog, Prisma } from '@prisma/client';
+import { type DocumentAuditLog, EnvelopeType, type Prisma } from '@prisma/client';
 
 import { prisma } from '@documenso/prisma';
 
@@ -6,7 +6,7 @@ import { AppError, AppErrorCode } from '../../errors/app-error';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
 import type { FindResultResponse } from '../../types/search-params';
 import { parseDocumentAuditLogData } from '../../utils/document-audit-logs';
-import { getDocumentWhereInput } from './get-document-by-id';
+import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
 
 export interface FindDocumentAuditLogsOptions {
   userId: number;
@@ -35,22 +35,26 @@ export const findDocumentAuditLogs = async ({
   const orderByColumn = orderBy?.column ?? 'createdAt';
   const orderByDirection = orderBy?.direction ?? 'desc';
 
-  const { documentWhereInput } = await getDocumentWhereInput({
+  const { envelopeWhereInput } = await getEnvelopeWhereInput({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
+    type: EnvelopeType.DOCUMENT,
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findUnique({
-    where: documentWhereInput,
+    where: envelopeWhereInput,
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND);
   }
 
   const whereClause: Prisma.DocumentAuditLogWhereInput = {
-    documentId,
+    envelopeId: envelope.id,
   };
 
   // Filter events down to what we consider recent activity.

packages/lib/server-only/document/find-documents.ts

@@ -1,5 +1,5 @@
-import type { Document, DocumentSource, Prisma, Team, TeamEmail, User } from '@prisma/client';
+import type { DocumentSource, Envelope, Prisma, Team, TeamEmail, User } from '@prisma/client';
-import { RecipientRole, SigningStatus, TeamMemberRole } from '@prisma/client';
+import { EnvelopeType, RecipientRole, SigningStatus, TeamMemberRole } from '@prisma/client';
 import { DateTime } from 'luxon';
 import { match } from 'ts-pattern';
 
@@ -22,7 +22,7 @@ export type FindDocumentsOptions = {
   page?: number;
   perPage?: number;
   orderBy?: {
-    column: keyof Omit<Document, 'document'>;
+    column: keyof Pick<Envelope, 'createdAt'>;
     direction: 'asc' | 'desc';
   };
   period?: PeriodSelectorValue;
@@ -69,7 +69,7 @@ export const findDocuments = async ({
   const orderByDirection = orderBy?.direction ?? 'desc';
   const teamMemberRole = team?.currentTeamRole ?? null;
 
-  const searchFilter: Prisma.DocumentWhereInput = {
+  const searchFilter: Prisma.EnvelopeWhereInput = {
     OR: [
       { title: { contains: query, mode: 'insensitive' } },
       { externalId: { contains: query, mode: 'insensitive' } },
@@ -111,7 +111,7 @@ export const findDocuments = async ({
     },
   ];
 
-  let filters: Prisma.DocumentWhereInput | null = findDocumentsFilter(status, user, folderId);
+  let filters: Prisma.EnvelopeWhereInput | null = findDocumentsFilter(status, user, folderId);
 
   if (team) {
     filters = findTeamDocumentsFilter(status, team, visibilityFilters, folderId);
@@ -127,7 +127,7 @@ export const findDocuments = async ({
     };
   }
 
-  let deletedFilter: Prisma.DocumentWhereInput = {
+  let deletedFilter: Prisma.EnvelopeWhereInput = {
     AND: {
       OR: [
         {
@@ -180,7 +180,7 @@ export const findDocuments = async ({
     };
   }
 
-  const whereAndClause: Prisma.DocumentWhereInput['AND'] = [
+  const whereAndClause: Prisma.EnvelopeWhereInput['AND'] = [
     { ...filters },
     { ...deletedFilter },
     { ...searchFilter },
@@ -198,7 +198,8 @@ export const findDocuments = async ({
     });
   }
 
-  const whereClause: Prisma.DocumentWhereInput = {
+  const whereClause: Prisma.EnvelopeWhereInput = {
+    type: EnvelopeType.DOCUMENT,
     AND: whereAndClause,
   };
 
@@ -225,7 +226,7 @@ export const findDocuments = async ({
   }
 
   const [data, count] = await Promise.all([
-    prisma.document.findMany({
+    prisma.envelope.findMany({
       where: whereClause,
       skip: Math.max(page - 1, 0) * perPage,
       take: perPage,
@@ -249,7 +250,7 @@ export const findDocuments = async ({
         },
       },
     }),
-    prisma.document.count({
+    prisma.envelope.count({
       where: whereClause,
     }),
   ]);
@@ -275,7 +276,7 @@ const findDocumentsFilter = (
   user: Pick<User, 'id' | 'email' | 'name'>,
   folderId?: string | null,
 ) => {
-  return match<ExtendedDocumentStatus, Prisma.DocumentWhereInput>(status)
+  return match<ExtendedDocumentStatus, Prisma.EnvelopeWhereInput>(status)
     .with(ExtendedDocumentStatus.ALL, () => ({
       OR: [
         {
@@ -414,14 +415,14 @@ const findDocumentsFilter = (
 const findTeamDocumentsFilter = (
   status: ExtendedDocumentStatus,
   team: Team & { teamEmail: TeamEmail | null },
-  visibilityFilters: Prisma.DocumentWhereInput[],
+  visibilityFilters: Prisma.EnvelopeWhereInput[],
   folderId?: string,
 ) => {
   const teamEmail = team.teamEmail?.email ?? null;
 
-  return match<ExtendedDocumentStatus, Prisma.DocumentWhereInput | null>(status)
+  return match<ExtendedDocumentStatus, Prisma.EnvelopeWhereInput | null>(status)
     .with(ExtendedDocumentStatus.ALL, () => {
-      const filter: Prisma.DocumentWhereInput = {
+      const filter: Prisma.EnvelopeWhereInput = {
         // Filter to display all documents that belong to the team.
         OR: [
           {
@@ -483,7 +484,7 @@ const findTeamDocumentsFilter = (
       };
     })
     .with(ExtendedDocumentStatus.DRAFT, () => {
-      const filter: Prisma.DocumentWhereInput = {
+      const filter: Prisma.EnvelopeWhereInput = {
         OR: [
           {
             teamId: team.id,
@@ -508,7 +509,7 @@ const findTeamDocumentsFilter = (
       return filter;
     })
     .with(ExtendedDocumentStatus.PENDING, () => {
-      const filter: Prisma.DocumentWhereInput = {
+      const filter: Prisma.EnvelopeWhereInput = {
         OR: [
           {
             teamId: team.id,
@@ -550,7 +551,7 @@ const findTeamDocumentsFilter = (
       return filter;
     })
     .with(ExtendedDocumentStatus.COMPLETED, () => {
-      const filter: Prisma.DocumentWhereInput = {
+      const filter: Prisma.EnvelopeWhereInput = {
         status: ExtendedDocumentStatus.COMPLETED,
         OR: [
           {
@@ -582,7 +583,7 @@ const findTeamDocumentsFilter = (
       return filter;
     })
     .with(ExtendedDocumentStatus.REJECTED, () => {
-      const filter: Prisma.DocumentWhereInput = {
+      const filter: Prisma.EnvelopeWhereInput = {
         status: ExtendedDocumentStatus.REJECTED,
         OR: [
           {

packages/lib/server-only/document/get-document-by-access-token.ts

@@ -1,5 +1,9 @@
+import { DocumentStatus, EnvelopeType } from '@prisma/client';
+
 import { prisma } from '@documenso/prisma';
 
+import { mapSecondaryIdToDocumentId } from '../../utils/envelope';
+
 export type GetDocumentByAccessTokenOptions = {
   token: string;
 };
@@ -9,14 +13,25 @@ export const getDocumentByAccessToken = async ({ token }: GetDocumentByAccessTok
     throw new Error('Missing token');
   }
 
-  const result = await prisma.document.findFirstOrThrow({
+  const result = await prisma.envelope.findFirstOrThrow({
     where: {
+      type: EnvelopeType.DOCUMENT,
+      status: DocumentStatus.COMPLETED,
       qrToken: token,
     },
+    // Do not provide extra information that is not needed.
     select: {
       id: true,
+      secondaryId: true,
       title: true,
       completedAt: true,
+      team: {
+        select: {
+          url: true,
+        },
+      },
+      envelopeItems: {
+        select: {
           documentData: {
             select: {
               id: true,
@@ -25,14 +40,27 @@ export const getDocumentByAccessToken = async ({ token }: GetDocumentByAccessTok
               initialData: true,
             },
           },
-      documentMeta: {
+        },
+      },
+      _count: {
         select: {
-          password: true,
-        },
-      },
           recipients: true,
         },
+      },
+    },
   });
 
-  return result;
+  // Todo: Envelopes
+  if (!result.envelopeItems[0].documentData) {
+    throw new Error('Missing document data');
+  }
+
+  return {
+    id: mapSecondaryIdToDocumentId(result.secondaryId),
+    title: result.title,
+    completedAt: result.completedAt,
+    documentData: result.envelopeItems[0].documentData,
+    recipientCount: result._count.recipients,
+    documentTeamUrl: result.team.url,
+  };
 };

packages/lib/server-only/document/get-document-by-id.ts

@@ -1,156 +0,0 @@
-import type { Prisma } from '@prisma/client';
-import { DocumentStatus, TeamMemberRole } from '@prisma/client';
-import { match } from 'ts-pattern';
-
-import { prisma } from '@documenso/prisma';
-
-import { AppError, AppErrorCode } from '../../errors/app-error';
-import { DocumentVisibility } from '../../types/document-visibility';
-import { getTeamById } from '../team/get-team';
-
-export type GetDocumentByIdOptions = {
-  documentId: number;
-  userId: number;
-  teamId: number;
-  folderId?: string;
-};
-
-export const getDocumentById = async ({
-  documentId,
-  userId,
-  teamId,
-  folderId,
-}: GetDocumentByIdOptions) => {
-  const { documentWhereInput } = await getDocumentWhereInput({
-    documentId,
-    userId,
-    teamId,
-  });
-
-  const document = await prisma.document.findFirst({
-    where: {
-      ...documentWhereInput,
-      folderId,
-    },
-    include: {
-      documentData: true,
-      documentMeta: true,
-      user: {
-        select: {
-          id: true,
-          name: true,
-          email: true,
-        },
-      },
-      recipients: {
-        select: {
-          email: true,
-        },
-      },
-      team: {
-        select: {
-          id: true,
-          url: true,
-        },
-      },
-    },
-  });
-
-  if (!document) {
-    throw new AppError(AppErrorCode.NOT_FOUND, {
-      message: 'Document could not be found',
-    });
-  }
-
-  return document;
-};
-
-export type GetDocumentWhereInputOptions = {
-  documentId: number;
-  userId: number;
-  teamId: number;
-};
-
-/**
- * Generate the where input for a given Prisma document query.
- *
- * This will return a query that allows a user to get a document if they have valid access to it.
- */
-export const getDocumentWhereInput = async ({
-  documentId,
-  userId,
-  teamId,
-}: GetDocumentWhereInputOptions) => {
-  const team = await getTeamById({ teamId, userId });
-
-  const user = await prisma.user.findFirstOrThrow({
-    where: {
-      id: userId,
-    },
-  });
-
-  const teamVisibilityFilters = match(team.currentTeamRole)
-    .with(TeamMemberRole.ADMIN, () => [
-      DocumentVisibility.EVERYONE,
-      DocumentVisibility.MANAGER_AND_ABOVE,
-      DocumentVisibility.ADMIN,
-    ])
-    .with(TeamMemberRole.MANAGER, () => [
-      DocumentVisibility.EVERYONE,
-      DocumentVisibility.MANAGER_AND_ABOVE,
-    ])
-    .otherwise(() => [DocumentVisibility.EVERYONE]);
-
-  const documentOrInput: Prisma.DocumentWhereInput[] = [
-    // Allow access if they own the document.
-    {
-      userId,
-    },
-    // Or, if they belong to the team that the document is associated with.
-    {
-      visibility: {
-        in: teamVisibilityFilters,
-      },
-      teamId: team.id,
-    },
-    // Or, if they are a recipient of the document.
-    {
-      status: {
-        not: DocumentStatus.DRAFT,
-      },
-      recipients: {
-        some: {
-          email: user.email,
-        },
-      },
-    },
-  ];
-
-  // Allow access to documents sent to or from the team email.
-  if (team.teamEmail) {
-    documentOrInput.push(
-      {
-        recipients: {
-          some: {
-            email: team.teamEmail.email,
-          },
-        },
-      },
-      {
-        user: {
-          email: team.teamEmail.email,
-        },
-      },
-    );
-  }
-
-  const documentWhereInput: Prisma.DocumentWhereUniqueInput = {
-    id: documentId,
-    OR: documentOrInput,
-  };
-
-  return {
-    documentWhereInput,
-    team,
-  };
-};

packages/lib/server-only/document/get-document-by-token.ts

@@ -1,8 +1,10 @@
+import { EnvelopeType } from '@prisma/client';
+
 import { prisma } from '@documenso/prisma';
-import type { DocumentWithRecipient } from '@documenso/prisma/types/document-with-recipient';
 
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { TDocumentAuthMethods } from '../../types/document-auth';
+import { mapSecondaryIdToDocumentId } from '../../utils/envelope';
 import { isRecipientAuthorized } from './is-recipient-authorized';
 
 export interface GetDocumentAndSenderByTokenOptions {
@@ -39,8 +41,9 @@ export const getDocumentByToken = async ({ token }: GetDocumentByTokenOptions) =
     throw new Error('Missing token');
   }
 
-  const result = await prisma.document.findFirstOrThrow({
+  const result = await prisma.envelope.findFirstOrThrow({
     where: {
+      type: EnvelopeType.DOCUMENT,
       recipients: {
         some: {
           token,
@@ -64,8 +67,9 @@ export const getDocumentAndSenderByToken = async ({
     throw new Error('Missing token');
   }
 
-  const result = await prisma.document.findFirstOrThrow({
+  const result = await prisma.envelope.findFirstOrThrow({
     where: {
+      type: EnvelopeType.DOCUMENT,
       recipients: {
         some: {
           token,
@@ -80,13 +84,17 @@ export const getDocumentAndSenderByToken = async ({
           name: true,
         },
       },
-      documentData: true,
       documentMeta: true,
       recipients: {
         where: {
           token,
         },
       },
+      envelopeItems: {
+        select: {
+          documentData: true,
+        },
+      },
       team: {
         select: {
           name: true,
@@ -102,6 +110,13 @@ export const getDocumentAndSenderByToken = async ({
     },
   });
 
+  // Todo: Envelopes
+  const firstDocumentData = result.envelopeItems[0].documentData;
+
+  if (!firstDocumentData) {
+    throw new Error('Missing document data');
+  }
+
   const recipient = result.recipients[0];
 
   // Sanity check, should not be possible.
@@ -127,6 +142,8 @@ export const getDocumentAndSenderByToken = async ({
     });
   }
 
+  const legacyDocumentId = mapSecondaryIdToDocumentId(result.secondaryId);
+
   return {
     ...result,
     user: {
@@ -134,64 +151,7 @@ export const getDocumentAndSenderByToken = async ({
       email: result.user.email,
       name: result.user.name,
     },
+    documentData: firstDocumentData,
+    id: legacyDocumentId,
   };
 };
-
-/**
- * Get a Document and a Recipient by the recipient token.
- */
-export const getDocumentAndRecipientByToken = async ({
-  token,
-  userId,
-  accessAuth,
-  requireAccessAuth = true,
-}: GetDocumentAndRecipientByTokenOptions): Promise<DocumentWithRecipient> => {
-  if (!token) {
-    throw new Error('Missing token');
-  }
-
-  const result = await prisma.document.findFirstOrThrow({
-    where: {
-      recipients: {
-        some: {
-          token,
-        },
-      },
-    },
-    include: {
-      recipients: {
-        where: {
-          token,
-        },
-      },
-      documentData: true,
-    },
-  });
-
-  const [recipient] = result.recipients;
-
-  // Sanity check, should not be possible.
-  if (!recipient) {
-    throw new Error('Missing recipient');
-  }
-
-  let documentAccessValid = true;
-
-  if (requireAccessAuth) {
-    documentAccessValid = await isRecipientAuthorized({
-      type: 'ACCESS',
-      documentAuthOptions: result.authOptions,
-      recipient,
-      userId,
-      authOptions: accessAuth,
-    });
-  }
-
-  if (!documentAccessValid) {
-    throw new AppError(AppErrorCode.UNAUTHORIZED, {
-      message: 'Invalid access values',
-    });
-  }
-
-  return result;
-};

packages/lib/server-only/document/get-document-certificate-audit-logs.ts

@@ -4,15 +4,15 @@ import { DOCUMENT_AUDIT_LOG_TYPE, DOCUMENT_EMAIL_TYPE } from '../../types/docume
 import { parseDocumentAuditLogData } from '../../utils/document-audit-logs';
 
 export type GetDocumentCertificateAuditLogsOptions = {
-  id: number;
+  envelopeId: string;
 };
 
 export const getDocumentCertificateAuditLogs = async ({
-  id,
+  envelopeId,
 }: GetDocumentCertificateAuditLogsOptions) => {
   const rawAuditLogs = await prisma.documentAuditLog.findMany({
     where: {
-      documentId: id,
+      envelopeId,
       type: {
         in: [
           DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_COMPLETED,

packages/lib/server-only/document/get-document-with-details-by-id.ts

@@ -1,67 +1,52 @@
-import { prisma } from '@documenso/prisma';
+import { EnvelopeType } from '@prisma/client';
 
-import { AppError, AppErrorCode } from '../../errors/app-error';
+import { type EnvelopeIdOptions, mapSecondaryIdToDocumentId } from '../../utils/envelope';
-import { getDocumentWhereInput } from './get-document-by-id';
+import { getEnvelopeById } from '../envelope/get-envelope-by-id';
 
 export type GetDocumentWithDetailsByIdOptions = {
-  documentId: number;
+  id: EnvelopeIdOptions;
   userId: number;
   teamId: number;
 };
 
 export const getDocumentWithDetailsById = async ({
-  documentId,
+  id,
   userId,
   teamId,
 }: GetDocumentWithDetailsByIdOptions) => {
-  const { documentWhereInput } = await getDocumentWhereInput({
+  const envelope = await getEnvelopeById({
-    documentId,
+    id,
+    type: EnvelopeType.DOCUMENT,
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findFirst({
+  const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
-    where: {
-      ...documentWhereInput,
-    },
-    include: {
-      documentData: true,
-      documentMeta: true,
-      recipients: true,
-      folder: true,
-      fields: {
-        include: {
-          signature: true,
-          recipient: {
-            select: {
-              name: true,
-              email: true,
-              signingStatus: true,
-            },
-          },
-        },
-      },
-      team: {
-        select: {
-          id: true,
-          url: true,
-        },
-      },
-      user: {
-        select: {
-          id: true,
-          name: true,
-          email: true,
-        },
-      },
-    },
-  });
 
-  if (!document) {
+  // Todo: Envelopes
-    throw new AppError(AppErrorCode.NOT_FOUND, {
+  const firstDocumentData = envelope.envelopeItems[0].documentData;
-      message: 'Document not found',
+
-    });
+  if (!firstDocumentData) {
+    throw new Error('Document data not found');
   }
 
-  return document;
+  return {
+    ...envelope,
+    documentData: firstDocumentData,
+    id: legacyDocumentId,
+    fields: envelope.fields.map((field) => ({
+      ...field,
+      documentId: legacyDocumentId,
+    })),
+    user: {
+      id: envelope.userId,
+      name: envelope.user.name,
+      email: envelope.user.email,
+    },
+    team: {
+      id: envelope.teamId,
+      url: envelope.team.url,
+    },
+    recipients: envelope.recipients,
+  };
 };

packages/lib/server-only/document/get-recipient-or-sender-by-share-link-slug.ts

@@ -7,7 +7,7 @@ export type GetRecipientOrSenderByShareLinkSlugOptions = {
 export const getRecipientOrSenderByShareLinkSlug = async ({
   slug,
 }: GetRecipientOrSenderByShareLinkSlugOptions) => {
-  const { documentId, email } = await prisma.documentShareLink.findFirstOrThrow({
+  const { envelopeId, email } = await prisma.documentShareLink.findFirstOrThrow({
     where: {
       slug,
     },
@@ -15,7 +15,7 @@ export const getRecipientOrSenderByShareLinkSlug = async ({
 
   const sender = await prisma.user.findFirst({
     where: {
-      documents: { some: { id: documentId } },
+      envelopes: { some: { id: envelopeId } },
       email,
     },
     select: {
@@ -31,7 +31,7 @@ export const getRecipientOrSenderByShareLinkSlug = async ({
 
   const recipient = await prisma.recipient.findFirst({
     where: {
-      documentId,
+      envelopeId,
       email,
     },
     select: {

packages/lib/server-only/document/get-stats.ts

@@ -1,4 +1,4 @@
-import { TeamMemberRole } from '@prisma/client';
+import { EnvelopeType, TeamMemberRole } from '@prisma/client';
 import type { Prisma, User } from '@prisma/client';
 import { SigningStatus } from '@prisma/client';
 import { DocumentVisibility } from '@prisma/client';
@@ -25,7 +25,7 @@ export const getStats = async ({
   folderId,
   ...options
 }: GetStatsInput) => {
-  let createdAt: Prisma.DocumentWhereInput['createdAt'];
+  let createdAt: Prisma.EnvelopeWhereInput['createdAt'];
 
   if (period) {
     const daysAgo = parseInt(period.replace(/d$/, ''), 10);
@@ -90,13 +90,13 @@ export const getStats = async ({
 
 type GetCountsOption = {
   user: Pick<User, 'id' | 'email'>;
-  createdAt: Prisma.DocumentWhereInput['createdAt'];
+  createdAt: Prisma.EnvelopeWhereInput['createdAt'];
   search?: string;
   folderId?: string | null;
 };
 
 const getCounts = async ({ user, createdAt, search, folderId }: GetCountsOption) => {
-  const searchFilter: Prisma.DocumentWhereInput = {
+  const searchFilter: Prisma.EnvelopeWhereInput = {
     OR: [
       { title: { contains: search, mode: 'insensitive' } },
       { recipients: { some: { name: { contains: search, mode: 'insensitive' } } } },
@@ -108,12 +108,13 @@ const getCounts = async ({ user, createdAt, search, folderId }: GetCountsOption)
 
   return Promise.all([
     // Owner counts.
-    prisma.document.groupBy({
+    prisma.envelope.groupBy({
       by: ['status'],
       _count: {
         _all: true,
       },
       where: {
+        type: EnvelopeType.DOCUMENT,
         userId: user.id,
         createdAt,
         deletedAt: null,
@@ -121,12 +122,13 @@ const getCounts = async ({ user, createdAt, search, folderId }: GetCountsOption)
       },
     }),
     // Not signed counts.
-    prisma.document.groupBy({
+    prisma.envelope.groupBy({
       by: ['status'],
       _count: {
         _all: true,
       },
       where: {
+        type: EnvelopeType.DOCUMENT,
         status: ExtendedDocumentStatus.PENDING,
         recipients: {
           some: {
@@ -140,12 +142,13 @@ const getCounts = async ({ user, createdAt, search, folderId }: GetCountsOption)
       },
     }),
     // Has signed counts.
-    prisma.document.groupBy({
+    prisma.envelope.groupBy({
       by: ['status'],
       _count: {
         _all: true,
       },
       where: {
+        type: EnvelopeType.DOCUMENT,
         createdAt,
         user: {
           email: {
@@ -186,7 +189,7 @@ type GetTeamCountsOption = {
   senderIds?: number[];
   currentUserEmail: string;
   userId: number;
-  createdAt: Prisma.DocumentWhereInput['createdAt'];
+  createdAt: Prisma.EnvelopeWhereInput['createdAt'];
   currentTeamMemberRole?: TeamMemberRole;
   search?: string;
   folderId?: string | null;
@@ -197,14 +200,14 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
 
   const senderIds = options.senderIds ?? [];
 
-  const userIdWhereClause: Prisma.DocumentWhereInput['userId'] =
+  const userIdWhereClause: Prisma.EnvelopeWhereInput['userId'] =
     senderIds.length > 0
       ? {
           in: senderIds,
         }
       : undefined;
 
-  const searchFilter: Prisma.DocumentWhereInput = {
+  const searchFilter: Prisma.EnvelopeWhereInput = {
     OR: [
       { title: { contains: options.search, mode: 'insensitive' } },
       { recipients: { some: { name: { contains: options.search, mode: 'insensitive' } } } },
@@ -212,7 +215,8 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
     ],
   };
 
-  let ownerCountsWhereInput: Prisma.DocumentWhereInput = {
+  let ownerCountsWhereInput: Prisma.EnvelopeWhereInput = {
+    type: EnvelopeType.DOCUMENT,
     userId: userIdWhereClause,
     createdAt,
     teamId,
@@ -223,7 +227,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
   let notSignedCountsGroupByArgs = null;
   let hasSignedCountsGroupByArgs = null;
 
-  const visibilityFiltersWhereInput: Prisma.DocumentWhereInput = {
+  const visibilityFiltersWhereInput: Prisma.EnvelopeWhereInput = {
     AND: [
       { deletedAt: null },
       {
@@ -267,6 +271,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
 
   if (teamEmail) {
     ownerCountsWhereInput = {
+      type: EnvelopeType.DOCUMENT,
       userId: userIdWhereClause,
       createdAt,
       OR: [
@@ -288,6 +293,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
         _all: true,
       },
       where: {
+        type: EnvelopeType.DOCUMENT,
         userId: userIdWhereClause,
         createdAt,
         folderId,
@@ -301,7 +307,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
         },
         deletedAt: null,
       },
-    } satisfies Prisma.DocumentGroupByArgs;
+    } satisfies Prisma.EnvelopeGroupByArgs;
 
     hasSignedCountsGroupByArgs = {
       by: ['status'],
@@ -309,6 +315,7 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
         _all: true,
       },
       where: {
+        type: EnvelopeType.DOCUMENT,
         userId: userIdWhereClause,
         createdAt,
         folderId,
@@ -336,18 +343,18 @@ const getTeamCounts = async (options: GetTeamCountsOption) => {
           },
         ],
       },
-    } satisfies Prisma.DocumentGroupByArgs;
+    } satisfies Prisma.EnvelopeGroupByArgs;
   }
 
   return Promise.all([
-    prisma.document.groupBy({
+    prisma.envelope.groupBy({
       by: ['status'],
       _count: {
         _all: true,
       },
       where: ownerCountsWhereInput,
     }),
-    notSignedCountsGroupByArgs ? prisma.document.groupBy(notSignedCountsGroupByArgs) : [],
+    notSignedCountsGroupByArgs ? prisma.envelope.groupBy(notSignedCountsGroupByArgs) : [],
-    hasSignedCountsGroupByArgs ? prisma.document.groupBy(hasSignedCountsGroupByArgs) : [],
+    hasSignedCountsGroupByArgs ? prisma.envelope.groupBy(hasSignedCountsGroupByArgs) : [],
   ]);
 };

packages/lib/server-only/document/is-recipient-authorized.ts

@@ -1,4 +1,4 @@
-import type { Document, Recipient } from '@prisma/client';
+import type { Envelope, Recipient } from '@prisma/client';
 import { verifyAuthenticationResponse } from '@simplewebauthn/server';
 import { match } from 'ts-pattern';
 
@@ -17,8 +17,8 @@ import { extractDocumentAuthMethods } from '../../utils/document-auth';
 type IsRecipientAuthorizedOptions = {
   // !: Probably find a better name than 'ACCESS_2FA' if requirements change.
   type: 'ACCESS' | 'ACCESS_2FA' | 'ACTION';
-  documentAuthOptions: Document['authOptions'];
+  documentAuthOptions: Envelope['authOptions'];
-  recipient: Pick<Recipient, 'authOptions' | 'email' | 'documentId'>;
+  recipient: Pick<Recipient, 'authOptions' | 'email'>;
 
   /**
    * The ID of the user who initiated the request.
@@ -125,6 +125,7 @@ export const isRecipientAuthorized = async ({
       }
 
       if (type === 'ACCESS_2FA' && method === 'email') {
+        // Todo: Envelopes - Need to pass in the secondary ID to parse the document ID for.
         if (!recipient.documentId) {
           throw new AppError(AppErrorCode.NOT_FOUND, {
             message: 'Document ID is required for email 2FA verification',

packages/lib/server-only/document/reject-document-with-token.ts

@@ -1,4 +1,4 @@
-import { SigningStatus } from '@prisma/client';
+import { EnvelopeType, SigningStatus } from '@prisma/client';
 
 import { jobs } from '@documenso/lib/jobs/client';
 import { prisma } from '@documenso/prisma';
@@ -7,17 +7,19 @@ import { AppError, AppErrorCode } from '../../errors/app-error';
 import { DOCUMENT_AUDIT_LOG_TYPE } from '../../types/document-audit-logs';
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { mapSecondaryIdToDocumentId, unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
 
 export type RejectDocumentWithTokenOptions = {
   token: string;
-  documentId: number;
+  id: EnvelopeIdOptions;
   reason: string;
   requestMetadata?: RequestMetadata;
 };
 
 export async function rejectDocumentWithToken({
   token,
-  documentId,
+  id,
   reason,
   requestMetadata,
 }: RejectDocumentWithTokenOptions) {
@@ -25,16 +27,16 @@ export async function rejectDocumentWithToken({
   const recipient = await prisma.recipient.findFirst({
     where: {
       token,
-      documentId,
+      envelope: unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
     },
     include: {
-      document: true,
+      envelope: true,
     },
   });
 
-  const document = recipient?.document;
+  const envelope = recipient?.envelope;
 
-  if (!recipient || !document) {
+  if (!recipient || !envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document or recipient not found',
     });
@@ -54,7 +56,7 @@ export async function rejectDocumentWithToken({
     }),
     prisma.documentAuditLog.create({
       data: createDocumentAuditLogData({
-        documentId,
+        envelopeId: envelope.id,
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_RECIPIENT_REJECTED,
         user: {
           name: recipient.name,
@@ -72,11 +74,13 @@ export async function rejectDocumentWithToken({
     }),
   ]);
 
+  const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
+
   // Trigger the seal document job to process the document asynchronously
   await jobs.triggerJob({
     name: 'internal.seal-document',
     payload: {
-      documentId,
+      documentId: legacyDocumentId,
       requestMetadata,
     },
   });
@@ -86,7 +90,7 @@ export async function rejectDocumentWithToken({
     name: 'send.signing.rejected.emails',
     payload: {
       recipientId: recipient.id,
-      documentId,
+      documentId: legacyDocumentId,
     },
   });
 
@@ -94,7 +98,7 @@ export async function rejectDocumentWithToken({
   await jobs.triggerJob({
     name: 'send.document.cancelled.emails',
     payload: {
-      documentId,
+      documentId: legacyDocumentId,
       cancellationReason: reason,
       requestMetadata,
     },

packages/lib/server-only/document/resend-document.ts

@@ -1,7 +1,13 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
-import { DocumentStatus, OrganisationType, RecipientRole, SigningStatus } from '@prisma/client';
+import {
+  DocumentStatus,
+  EnvelopeType,
+  OrganisationType,
+  RecipientRole,
+  SigningStatus,
+} from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import { DocumentInviteEmailTemplate } from '@documenso/email/templates/document-invite';
@@ -21,7 +27,7 @@ import { extractDerivedDocumentEmailSettings } from '../../types/document-email'
 import { isDocumentCompleted } from '../../utils/document';
 import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 import { getEmailContext } from '../email/get-email-context';
-import { getDocumentWhereInput } from './get-document-by-id';
+import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
 
 export type ResendDocumentOptions = {
   documentId: number;
@@ -42,16 +48,25 @@ export const resendDocument = async ({
     where: {
       id: userId,
     },
+    select: {
+      id: true,
+      email: true,
+      name: true,
+    },
   });
 
-  const { documentWhereInput } = await getDocumentWhereInput({
+  const { envelopeWhereInput } = await getEnvelopeWhereInput({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
+    type: EnvelopeType.DOCUMENT,
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findUnique({
+  const envelope = await prisma.envelope.findUnique({
-    where: documentWhereInput,
+    where: envelopeWhereInput,
     include: {
       recipients: true,
       documentMeta: true,
@@ -64,31 +79,29 @@ export const resendDocument = async ({
     },
   });
 
-  const customEmail = document?.documentMeta;
+  if (!envelope) {
-
-  if (!document) {
     throw new Error('Document not found');
   }
 
-  if (document.recipients.length === 0) {
+  if (envelope.recipients.length === 0) {
     throw new Error('Document has no recipients');
   }
 
-  if (document.status === DocumentStatus.DRAFT) {
+  if (envelope.status === DocumentStatus.DRAFT) {
     throw new Error('Can not send draft document');
   }
 
-  if (isDocumentCompleted(document.status)) {
+  if (isDocumentCompleted(envelope.status)) {
     throw new Error('Can not send completed document');
   }
 
-  const recipientsToRemind = document.recipients.filter(
+  const recipientsToRemind = envelope.recipients.filter(
     (recipient) =>
       recipients.includes(recipient.id) && recipient.signingStatus === SigningStatus.NOT_SIGNED,
   );
 
   const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).recipientSigningRequest;
 
   if (!isRecipientSigningRequestEmailEnabled) {
@@ -100,9 +113,9 @@ export const resendDocument = async ({
       emailType: 'RECIPIENT',
       source: {
         type: 'team',
-        teamId: document.teamId,
+        teamId: envelope.teamId,
       },
-      meta: document.documentMeta,
+      meta: envelope.documentMeta,
     });
 
   await Promise.all(
@@ -122,42 +135,42 @@ export const resendDocument = async ({
         ._(RECIPIENT_ROLES_DESCRIPTION[recipient.role].actionVerb)
         .toLowerCase();
 
-      let emailMessage = customEmail?.message || '';
+      let emailMessage = envelope.documentMeta.message || '';
       let emailSubject = i18n._(msg`Reminder: Please ${recipientActionVerb} this document`);
 
       if (selfSigner) {
         emailMessage = i18n._(
-          msg`You have initiated the document ${`"${document.title}"`} that requires you to ${recipientActionVerb} it.`,
+          msg`You have initiated the document ${`"${envelope.title}"`} that requires you to ${recipientActionVerb} it.`,
         );
         emailSubject = i18n._(msg`Reminder: Please ${recipientActionVerb} your document`);
       }
 
       if (organisationType === OrganisationType.ORGANISATION) {
         emailSubject = i18n._(
-          msg`Reminder: ${document.team.name} invited you to ${recipientActionVerb} a document`,
+          msg`Reminder: ${envelope.team.name} invited you to ${recipientActionVerb} a document`,
         );
         emailMessage =
-          customEmail?.message ||
+          envelope.documentMeta.message ||
           i18n._(
-            msg`${user.name || user.email} on behalf of "${document.team.name}" has invited you to ${recipientActionVerb} the document "${document.title}".`,
+            msg`${user.name || user.email} on behalf of "${envelope.team.name}" has invited you to ${recipientActionVerb} the document "${envelope.title}".`,
           );
       }
 
       const customEmailTemplate = {
         'signer.name': name,
         'signer.email': email,
-        'document.name': document.title,
+        'document.name': envelope.title,
       };
 
       const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
       const signDocumentLink = `${NEXT_PUBLIC_WEBAPP_URL()}/sign/${recipient.token}`;
 
       const template = createElement(DocumentInviteEmailTemplate, {
-        documentName: document.title,
+        documentName: envelope.title,
         inviterName: user.name || undefined,
         inviterEmail:
           organisationType === OrganisationType.ORGANISATION
-            ? document.team?.teamEmail?.email || user.email
+            ? envelope.team?.teamEmail?.email || user.email
             : user.email,
         assetBaseUrl,
         signDocumentLink,
@@ -165,7 +178,7 @@ export const resendDocument = async ({
         role: recipient.role,
         selfSigner,
         organisationType,
-        teamName: document.team?.name,
+        teamName: envelope.team?.name,
       });
 
       const [html, text] = await Promise.all([
@@ -189,9 +202,9 @@ export const resendDocument = async ({
             },
             from: senderEmail,
             replyTo: replyToEmail,
-            subject: customEmail?.subject
+            subject: envelope.documentMeta.subject
               ? renderCustomEmailTemplate(
-                  i18n._(msg`Reminder: ${customEmail.subject}`),
+                  i18n._(msg`Reminder: ${envelope.documentMeta.subject}`),
                   customEmailTemplate,
                 )
               : emailSubject,
@@ -202,7 +215,7 @@ export const resendDocument = async ({
           await tx.documentAuditLog.create({
             data: createDocumentAuditLogData({
               type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT,
-              documentId: document.id,
+              envelopeId: envelope.id,
               metadata: requestMetadata,
               data: {
                 emailType: recipientEmailType,

packages/lib/server-only/document/seal-document.ts

@@ -1,4 +1,10 @@
-import { DocumentStatus, RecipientRole, SigningStatus, WebhookTriggerEvents } from '@prisma/client';
+import {
+  DocumentStatus,
+  EnvelopeType,
+  RecipientRole,
+  SigningStatus,
+  WebhookTriggerEvents,
+} from '@prisma/client';
 import { nanoid } from 'nanoid';
 import path from 'node:path';
 import { PDFDocument } from 'pdf-lib';
@@ -11,12 +17,17 @@ import { signPdf } from '@documenso/signing';
 
 import {
   ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
+  mapEnvelopeToWebhookDocumentPayload,
 } from '../../types/webhook-payload';
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getFileServerSide } from '../../universal/upload/get-file.server';
 import { putPdfFileServerSide } from '../../universal/upload/put-file.server';
 import { fieldsContainUnsignedRequiredField } from '../../utils/advanced-fields-helpers';
+import {
+  type EnvelopeIdOptions,
+  mapSecondaryIdToDocumentId,
+  unsafeBuildEnvelopeIdQuery,
+} from '../../utils/envelope';
 import { getAuditLogsPdf } from '../htmltopdf/get-audit-logs-pdf';
 import { getCertificatePdf } from '../htmltopdf/get-certificate-pdf';
 import { addRejectionStampToPdf } from '../pdf/add-rejection-stamp-to-pdf';
@@ -30,47 +41,61 @@ import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
 import { sendCompletedEmail } from './send-completed-email';
 
 export type SealDocumentOptions = {
-  documentId: number;
+  id: EnvelopeIdOptions;
   sendEmail?: boolean;
   isResealing?: boolean;
   requestMetadata?: RequestMetadata;
 };
 
 export const sealDocument = async ({
-  documentId,
+  id,
   sendEmail = true,
   isResealing = false,
   requestMetadata,
 }: SealDocumentOptions) => {
-  const document = await prisma.document.findFirstOrThrow({
+  const envelope = await prisma.envelope.findFirstOrThrow({
-    where: {
+    where: unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
-      id: documentId,
+    include: {
+      envelopeItems: {
+        select: {
+          id: true,
+          documentData: true,
         },
         include: {
-      documentData: true,
+          field: {
-      documentMeta: true,
+            include: {
-      recipients: true,
+              signature: true,
             },
-  });
+          },
-
+        },
-  const { documentData } = document;
+      },
-
+      documentMeta: true,
-  if (!documentData) {
+      recipients: {
-    throw new Error(`Document ${document.id} has no document data`);
-  }
-
-  const settings = await getTeamSettings({
-    userId: document.userId,
-    teamId: document.teamId,
-  });
-
-  const recipients = await prisma.recipient.findMany({
         where: {
-      documentId: document.id,
           role: {
             not: RecipientRole.CC,
           },
         },
+      },
+    },
+  });
+
+  // Todo: Envelopes
+  const envelopeItemToSeal = envelope.envelopeItems[0];
+
+  // Todo: Envelopes
+  if (envelope.envelopeItems.length !== 1 || !envelopeItemToSeal) {
+    throw new Error(`Document ${envelope.id} needs exactly 1 envelope item`);
+  }
+
+  const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
+  const documentData = envelopeItemToSeal.documentData;
+  const fields = envelopeItemToSeal.field; // Todo: Envelopes - This only takes in the first envelope item fields.
+  const recipients = envelope.recipients;
+
+  const settings = await getTeamSettings({
+    userId: envelope.userId,
+    teamId: envelope.teamId,
   });
 
   // Determine if the document has been rejected by checking if any recipient has rejected it
@@ -88,21 +113,12 @@ export const sealDocument = async ({
     !isRejected &&
     recipients.some((recipient) => recipient.signingStatus !== SigningStatus.SIGNED)
   ) {
-    throw new Error(`Document ${document.id} has unsigned recipients`);
+    throw new Error(`Envelope ${envelope.id} has unsigned recipients`);
   }
 
-  const fields = await prisma.field.findMany({
-    where: {
-      documentId: document.id,
-    },
-    include: {
-      signature: true,
-    },
-  });
-
   // Skip the field check if the document is rejected
   if (!isRejected && fieldsContainUnsignedRequiredField(fields)) {
-    throw new Error(`Document ${document.id} has unsigned required fields`);
+    throw new Error(`Document ${envelope.id} has unsigned required fields`);
   }
 
   if (isResealing) {
@@ -116,8 +132,8 @@ export const sealDocument = async ({
 
   const certificateData = settings.includeSigningCertificate
     ? await getCertificatePdf({
-        documentId,
+        documentId: legacyDocumentId,
-        language: document.documentMeta?.language,
+        language: envelope.documentMeta.language,
       }).catch((e) => {
         console.log('Failed to get certificate PDF');
         console.error(e);
@@ -128,8 +144,8 @@ export const sealDocument = async ({
 
   const auditLogData = settings.includeAuditLog
     ? await getAuditLogsPdf({
-        documentId,
+        documentId: legacyDocumentId,
-        language: document.documentMeta?.language,
+        language: envelope.documentMeta.language,
       }).catch((e) => {
         console.log('Failed to get audit logs PDF');
         console.error(e);
@@ -171,7 +187,7 @@ export const sealDocument = async ({
   }
 
   for (const field of fields) {
-    document.useLegacyFieldInsertion
+    envelope.useLegacyFieldInsertion
       ? await legacy_insertFieldInPDF(doc, field)
       : await insertFieldInPDF(doc, field);
   }
@@ -183,7 +199,8 @@ export const sealDocument = async ({
 
   const pdfBuffer = await signPdf({ pdf: Buffer.from(pdfBytes) });
 
-  const { name } = path.parse(document.title);
+  // Todo: Envelopes use EnvelopeItem title instead.
+  const { name } = path.parse(envelope.title);
 
   // Add suffix based on document status
   const suffix = isRejected ? '_rejected.pdf' : '_signed.pdf';
@@ -201,16 +218,16 @@ export const sealDocument = async ({
       distinctId: nanoid(),
       event: 'App: Document Sealed',
       properties: {
-        documentId: document.id,
+        documentId: envelope.id,
         isRejected,
       },
     });
   }
 
   await prisma.$transaction(async (tx) => {
-    await tx.document.update({
+    await tx.envelope.update({
       where: {
-        id: document.id,
+        id: envelope.id,
       },
       data: {
         status: isRejected ? DocumentStatus.REJECTED : DocumentStatus.COMPLETED,
@@ -230,7 +247,7 @@ export const sealDocument = async ({
     await tx.documentAuditLog.create({
       data: createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_COMPLETED,
-        documentId: document.id,
+        envelopeId: envelope.id,
         requestMetadata,
         user: null,
         data: {
@@ -242,15 +259,14 @@ export const sealDocument = async ({
   });
 
   if (sendEmail && !isResealing) {
-    await sendCompletedEmail({ documentId, requestMetadata });
+    await sendCompletedEmail({ id, requestMetadata });
   }
 
-  const updatedDocument = await prisma.document.findFirstOrThrow({
+  const updatedDocument = await prisma.envelope.findFirstOrThrow({
     where: {
-      id: document.id,
+      id: envelope.id,
     },
     include: {
-      documentData: true,
       documentMeta: true,
       recipients: true,
     },
@@ -260,8 +276,8 @@ export const sealDocument = async ({
     event: isRejected
       ? WebhookTriggerEvents.DOCUMENT_REJECTED
       : WebhookTriggerEvents.DOCUMENT_COMPLETED,
-    data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(updatedDocument)),
+    data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(updatedDocument)),
-    userId: document.userId,
+    userId: envelope.userId,
-    teamId: document.teamId ?? undefined,
+    teamId: envelope.teamId ?? undefined,
   });
 };

packages/lib/server-only/document/search-documents-with-keyword.ts

@@ -1,5 +1,6 @@
-import type { Document, Recipient, User } from '@prisma/client';
+import { DocumentStatus, EnvelopeType } from '@prisma/client';
-import { DocumentStatus, DocumentVisibility, TeamMemberRole } from '@prisma/client';
+import type { Envelope, Recipient, User } from '@prisma/client';
+import { DocumentVisibility, TeamMemberRole } from '@prisma/client';
 import { match } from 'ts-pattern';
 
 import {
@@ -9,6 +10,8 @@ import {
 } from '@documenso/lib/utils/teams';
 import { prisma } from '@documenso/prisma';
 
+import { mapSecondaryIdToDocumentId } from '../../utils/envelope';
+
 export type SearchDocumentsWithKeywordOptions = {
   query: string;
   userId: number;
@@ -26,8 +29,9 @@ export const searchDocumentsWithKeyword = async ({
     },
   });
 
-  const documents = await prisma.document.findMany({
+  const envelopes = await prisma.envelope.findMany({
     where: {
+      type: EnvelopeType.DOCUMENT,
       OR: [
         {
           title: {
@@ -128,26 +132,26 @@ export const searchDocumentsWithKeyword = async ({
     take: limit,
   });
 
-  const isOwner = (document: Document, user: User) => document.userId === user.id;
+  const isOwner = (envelope: Envelope, user: User) => envelope.userId === user.id;
 
   const getSigningLink = (recipients: Recipient[], user: User) =>
     `/sign/${recipients.find((r) => r.email === user.email)?.token}`;
 
-  const maskedDocuments = documents
+  const maskedDocuments = envelopes
-    .filter((document) => {
+    .filter((envelope) => {
-      if (!document.teamId || isOwner(document, user)) {
+      if (!envelope.teamId || isOwner(envelope, user)) {
         return true;
       }
 
       const teamMemberRole = getHighestTeamRoleInGroup(
-        document.team.teamGroups.filter((tg) => tg.teamId === document.teamId),
+        envelope.team.teamGroups.filter((tg) => tg.teamId === envelope.teamId),
       );
 
       if (!teamMemberRole) {
         return false;
       }
 
-      const canAccessDocument = match([document.visibility, teamMemberRole])
+      const canAccessDocument = match([envelope.visibility, teamMemberRole])
         .with([DocumentVisibility.EVERYONE, TeamMemberRole.ADMIN], () => true)
         .with([DocumentVisibility.EVERYONE, TeamMemberRole.MANAGER], () => true)
         .with([DocumentVisibility.EVERYONE, TeamMemberRole.MEMBER], () => true)
@@ -158,23 +162,29 @@ export const searchDocumentsWithKeyword = async ({
 
       return canAccessDocument;
     })
-    .map((document) => {
+    .map((envelope) => {
-      const { recipients, ...documentWithoutRecipient } = document;
+      const { recipients, ...documentWithoutRecipient } = envelope;
 
       let documentPath;
 
-      if (isOwner(document, user)) {
+      const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
-        documentPath = `${formatDocumentsPath(document.team?.url)}/${document.id}`;
+
-      } else if (document.teamId && document.team.teamGroups.length > 0) {
+      if (isOwner(envelope, user)) {
-        documentPath = `${formatDocumentsPath(document.team.url)}/${document.id}`;
+        documentPath = `${formatDocumentsPath(envelope.team.url)}/${legacyDocumentId}`;
+      } else if (envelope.teamId && envelope.team.teamGroups.length > 0) {
+        documentPath = `${formatDocumentsPath(envelope.team.url)}/${legacyDocumentId}`;
       } else {
         documentPath = getSigningLink(recipients, user);
       }
 
       return {
         ...documentWithoutRecipient,
+        team: {
+          id: envelope.teamId,
+          url: envelope.team.url,
+        },
         path: documentPath,
-        value: [document.id, document.title, ...document.recipients.map((r) => r.email)].join(' '),
+        value: [envelope.id, envelope.title, ...envelope.recipients.map((r) => r.email)].join(' '),
       };
     });
 

packages/lib/server-only/document/send-completed-email.ts

@@ -1,7 +1,7 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
-import { DocumentSource } from '@prisma/client';
+import { DocumentSource, EnvelopeType } from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import { DocumentCompletedEmailTemplate } from '@documenso/email/templates/document-completed';
@@ -14,23 +14,33 @@ import { extractDerivedDocumentEmailSettings } from '../../types/document-email'
 import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getFileServerSide } from '../../universal/upload/get-file.server';
 import { createDocumentAuditLogData } from '../../utils/document-audit-logs';
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
 import { renderCustomEmailTemplate } from '../../utils/render-custom-email-template';
 import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 import { formatDocumentsPath } from '../../utils/teams';
 import { getEmailContext } from '../email/get-email-context';
 
 export interface SendDocumentOptions {
-  documentId: number;
+  id: EnvelopeIdOptions;
   requestMetadata?: RequestMetadata;
 }
 
-export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDocumentOptions) => {
+export const sendCompletedEmail = async ({ id, requestMetadata }: SendDocumentOptions) => {
-  const document = await prisma.document.findUnique({
+  const envelope = await prisma.envelope.findUnique({
-    where: {
+    where: unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
-      id: documentId,
-    },
     include: {
-      documentData: true,
+      envelopeItems: {
+        include: {
+          documentData: {
+            select: {
+              type: true,
+              id: true,
+              data: true,
+            },
+          },
+        },
+      },
       documentMeta: true,
       recipients: true,
       user: {
@@ -49,13 +59,13 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new Error('Document not found');
   }
 
-  const isDirectTemplate = document?.source === DocumentSource.TEMPLATE_DIRECT_LINK;
+  const isDirectTemplate = envelope?.source === DocumentSource.TEMPLATE_DIRECT_LINK;
 
-  if (document.recipients.length === 0) {
+  if (envelope.recipients.length === 0) {
     throw new Error('Document has no recipients');
   }
 
@@ -63,28 +73,37 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
     emailType: 'RECIPIENT',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
-  const { user: owner } = document;
+  const { user: owner } = envelope;
 
-  const completedDocument = await getFileServerSide(document.documentData);
+  const completedDocumentEmailAttachments = await Promise.all(
+    envelope.envelopeItems.map(async (document) => {
+      const file = await getFileServerSide(document.documentData);
+
+      return {
+        fileName: document.title.endsWith('.pdf') ? document.title : document.title + '.pdf',
+        content: Buffer.from(file),
+      };
+    }),
+  );
 
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
 
   let documentOwnerDownloadLink = `${NEXT_PUBLIC_WEBAPP_URL()}${formatDocumentsPath(
-    document.team?.url,
+    envelope.team?.url,
-  )}/${document.id}`;
+  )}/${envelope.id}`;
 
-  if (document.team?.url) {
+  if (envelope.team?.url) {
-    documentOwnerDownloadLink = `${NEXT_PUBLIC_WEBAPP_URL()}/t/${document.team.url}/documents/${
+    documentOwnerDownloadLink = `${NEXT_PUBLIC_WEBAPP_URL()}/t/${envelope.team.url}/documents/${
-      document.id
+      envelope.id
     }`;
   }
 
-  const emailSettings = extractDerivedDocumentEmailSettings(document.documentMeta);
+  const emailSettings = extractDerivedDocumentEmailSettings(envelope.documentMeta);
   const isDocumentCompletedEmailEnabled = emailSettings.documentCompleted;
   const isOwnerDocumentCompletedEmailEnabled = emailSettings.ownerDocumentCompleted;
 
@@ -95,11 +114,11 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
   //    - Recipient emails are disabled
   if (
     isOwnerDocumentCompletedEmailEnabled &&
-    (!document.recipients.find((recipient) => recipient.email === owner.email) ||
+    (!envelope.recipients.find((recipient) => recipient.email === owner.email) ||
       !isDocumentCompletedEmailEnabled)
   ) {
     const template = createElement(DocumentCompletedEmailTemplate, {
-      documentName: document.title,
+      documentName: envelope.title,
       assetBaseUrl,
       downloadLink: documentOwnerDownloadLink,
     });
@@ -127,18 +146,13 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
       subject: i18n._(msg`Signing Complete!`),
       html,
       text,
-      attachments: [
+      attachments: completedDocumentEmailAttachments,
-        {
-          filename: document.title.endsWith('.pdf') ? document.title : document.title + '.pdf',
-          content: Buffer.from(completedDocument),
-        },
-      ],
     });
 
     await prisma.documentAuditLog.create({
       data: createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT,
-        documentId: document.id,
+        envelopeId: envelope.id,
         user: null,
         requestMetadata,
         data: {
@@ -158,22 +172,22 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
   }
 
   await Promise.all(
-    document.recipients.map(async (recipient) => {
+    envelope.recipients.map(async (recipient) => {
       const customEmailTemplate = {
         'signer.name': recipient.name,
         'signer.email': recipient.email,
-        'document.name': document.title,
+        'document.name': envelope.title,
       };
 
       const downloadLink = `${NEXT_PUBLIC_WEBAPP_URL()}/sign/${recipient.token}/complete`;
 
       const template = createElement(DocumentCompletedEmailTemplate, {
-        documentName: document.title,
+        documentName: envelope.title,
         assetBaseUrl,
         downloadLink: recipient.email === owner.email ? documentOwnerDownloadLink : downloadLink,
         customBody:
-          isDirectTemplate && document.documentMeta?.message
+          isDirectTemplate && envelope.documentMeta?.message
-            ? renderCustomEmailTemplate(document.documentMeta.message, customEmailTemplate)
+            ? renderCustomEmailTemplate(envelope.documentMeta.message, customEmailTemplate)
             : undefined,
       });
 
@@ -198,23 +212,18 @@ export const sendCompletedEmail = async ({ documentId, requestMetadata }: SendDo
         from: senderEmail,
         replyTo: replyToEmail,
         subject:
-          isDirectTemplate && document.documentMeta?.subject
+          isDirectTemplate && envelope.documentMeta?.subject
-            ? renderCustomEmailTemplate(document.documentMeta.subject, customEmailTemplate)
+            ? renderCustomEmailTemplate(envelope.documentMeta.subject, customEmailTemplate)
             : i18n._(msg`Signing Complete!`),
         html,
         text,
-        attachments: [
+        attachments: completedDocumentEmailAttachments,
-          {
-            filename: document.title.endsWith('.pdf') ? document.title : document.title + '.pdf',
-            content: Buffer.from(completedDocument),
-          },
-        ],
       });
 
       await prisma.documentAuditLog.create({
         data: createDocumentAuditLogData({
           type: DOCUMENT_AUDIT_LOG_TYPE.EMAIL_SENT,
-          documentId: document.id,
+          envelopeId: envelope.id,
           user: null,
           requestMetadata,
           data: {

packages/lib/server-only/document/send-delete-email.ts

@@ -14,14 +14,15 @@ import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 import { getEmailContext } from '../email/get-email-context';
 
 export interface SendDeleteEmailOptions {
-  documentId: number;
+  envelopeId: string;
   reason: string;
 }
 
-export const sendDeleteEmail = async ({ documentId, reason }: SendDeleteEmailOptions) => {
+// Note: Currently only sent by Admin function
-  const document = await prisma.document.findFirst({
+export const sendDeleteEmail = async ({ envelopeId, reason }: SendDeleteEmailOptions) => {
+  const envelope = await prisma.envelope.findFirst({
     where: {
-      id: documentId,
+      id: envelopeId,
     },
     include: {
       user: {
@@ -35,14 +36,14 @@ export const sendDeleteEmail = async ({ documentId, reason }: SendDeleteEmailOpt
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document not found',
     });
   }
 
   const isDocumentDeletedEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).documentDeleted;
 
   if (!isDocumentDeletedEmailEnabled) {
@@ -53,17 +54,17 @@ export const sendDeleteEmail = async ({ documentId, reason }: SendDeleteEmailOpt
     emailType: 'INTERNAL',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
-  const { email, name } = document.user;
+  const { email, name } = envelope.user;
 
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
 
   const template = createElement(DocumentSuperDeleteEmailTemplate, {
-    documentName: document.title,
+    documentName: envelope.title,
     reason,
     assetBaseUrl,
   });

packages/lib/server-only/document/send-document.ts

@@ -1,6 +1,7 @@
 import {
   DocumentSigningOrder,
   DocumentStatus,
+  EnvelopeType,
   RecipientRole,
   SendStatus,
   SigningStatus,
@@ -16,17 +17,18 @@ import { jobs } from '../../jobs/client';
 import { extractDerivedDocumentEmailSettings } from '../../types/document-email';
 import {
   ZWebhookDocumentSchema,
-  mapDocumentToWebhookDocumentPayload,
+  mapEnvelopeToWebhookDocumentPayload,
 } from '../../types/webhook-payload';
 import { getFileServerSide } from '../../universal/upload/get-file.server';
 import { putPdfFileServerSide } from '../../universal/upload/put-file.server';
 import { isDocumentCompleted } from '../../utils/document';
+import { type EnvelopeIdOptions, mapSecondaryIdToDocumentId } from '../../utils/envelope';
+import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
 import { insertFormValuesInPdf } from '../pdf/insert-form-values-in-pdf';
 import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
-import { getDocumentWhereInput } from './get-document-by-id';
 
 export type SendDocumentOptions = {
-  documentId: number;
+  id: EnvelopeIdOptions;
   userId: number;
   teamId: number;
   sendEmail?: boolean;
@@ -34,75 +36,92 @@ export type SendDocumentOptions = {
 };
 
 export const sendDocument = async ({
-  documentId,
+  id,
   userId,
   teamId,
   sendEmail,
   requestMetadata,
 }: SendDocumentOptions) => {
-  const { documentWhereInput } = await getDocumentWhereInput({
+  const { envelopeWhereInput } = await getEnvelopeWhereInput({
-    documentId,
+    id,
+    type: EnvelopeType.DOCUMENT,
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findFirst({
-    where: documentWhereInput,
+    where: envelopeWhereInput,
     include: {
       recipients: {
         orderBy: [{ signingOrder: { sort: 'asc', nulls: 'last' } }, { id: 'asc' }],
       },
       documentMeta: true,
-      documentData: true,
+      envelopeItems: {
+        select: {
+          id: true,
+          documentData: {
+            select: {
+              type: true,
+              id: true,
+              data: true,
+            },
+          },
+        },
+      },
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new Error('Document not found');
   }
 
-  if (document.recipients.length === 0) {
+  if (envelope.recipients.length === 0) {
     throw new Error('Document has no recipients');
   }
 
-  if (isDocumentCompleted(document.status)) {
+  if (isDocumentCompleted(envelope.status)) {
     throw new Error('Can not send completed document');
   }
 
-  const signingOrder = document.documentMeta?.signingOrder || DocumentSigningOrder.PARALLEL;
+  const legacyDocumentId = mapSecondaryIdToDocumentId(envelope.secondaryId);
 
-  let recipientsToNotify = document.recipients;
+  const signingOrder = envelope.documentMeta?.signingOrder || DocumentSigningOrder.PARALLEL;
+
+  let recipientsToNotify = envelope.recipients;
 
   if (signingOrder === DocumentSigningOrder.SEQUENTIAL) {
     // Get the currently active recipient.
-    recipientsToNotify = document.recipients
+    recipientsToNotify = envelope.recipients
       .filter((r) => r.signingStatus === SigningStatus.NOT_SIGNED && r.role !== RecipientRole.CC)
       .slice(0, 1);
 
     // Secondary filter so we aren't resending if the current active recipient has already
-    // received the document.
+    // received the envelope.
     recipientsToNotify.filter((r) => r.sendStatus !== SendStatus.SENT);
   }
 
-  const { documentData } = document;
+  const envelopeItem = envelope.envelopeItems[0];
+  const documentData = envelopeItem?.documentData;
 
-  if (!documentData.data) {
+  // Todo: Envelopes
-    throw new Error('Document data not found');
+  if (!envelopeItem || !documentData || envelope.envelopeItems.length !== 1) {
+    throw new Error('Invalid document data');
   }
 
-  if (document.formValues) {
+  // Todo: Envelopes need to support multiple envelope items.
+  if (envelope.formValues) {
     const file = await getFileServerSide(documentData);
 
     const prefilled = await insertFormValuesInPdf({
       pdf: Buffer.from(file),
       // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-      formValues: document.formValues as Record<string, string | number | boolean>,
+      formValues: envelope.formValues as Record<string, string | number | boolean>,
     });
 
-    let fileName = document.title;
+    let fileName = envelope.title;
 
-    if (!document.title.endsWith('.pdf')) {
+    if (!envelope.title.endsWith('.pdf')) {
-      fileName = `${document.title}.pdf`;
+      fileName = `${envelope.title}.pdf`;
     }
 
     const newDocumentData = await putPdfFileServerSide({
@@ -111,9 +130,9 @@ export const sendDocument = async ({
       arrayBuffer: async () => Promise.resolve(prefilled),
     });
 
-    const result = await prisma.document.update({
+    const result = await prisma.envelopeItem.update({
       where: {
-        id: document.id,
+        id: envelopeItem.id,
       },
       data: {
         documentDataId: newDocumentData.id,
@@ -133,7 +152,7 @@ export const sendDocument = async ({
   // const fieldsWithSignerEmail = fields.map((field) => ({
   //   ...field,
   //   signerEmail:
-  //     document.Recipient.find((recipient) => recipient.id === field.recipientId)?.email ?? '',
+  //     envelope.Recipient.find((recipient) => recipient.id === field.recipientId)?.email ?? '',
   // }));
 
   // const everySignerHasSignature = document?.Recipient.every(
@@ -148,7 +167,7 @@ export const sendDocument = async ({
   //   throw new Error('Some signers have not been assigned a signature field.');
   // }
 
-  const allRecipientsHaveNoActionToTake = document.recipients.every(
+  const allRecipientsHaveNoActionToTake = envelope.recipients.every(
     (recipient) =>
       recipient.role === RecipientRole.CC || recipient.signingStatus === SigningStatus.SIGNED,
   );
@@ -157,15 +176,15 @@ export const sendDocument = async ({
     await jobs.triggerJob({
       name: 'internal.seal-document',
       payload: {
-        documentId,
+        documentId: legacyDocumentId,
         requestMetadata: requestMetadata?.requestMetadata,
       },
     });
 
     // Keep the return type the same for the `sendDocument` method
-    return await prisma.document.findFirstOrThrow({
+    return await prisma.envelope.findFirstOrThrow({
       where: {
-        id: documentId,
+        id: envelope.id,
       },
       include: {
         documentMeta: true,
@@ -174,21 +193,21 @@ export const sendDocument = async ({
     });
   }
 
-  const updatedDocument = await prisma.$transaction(async (tx) => {
+  const updatedEnvelope = await prisma.$transaction(async (tx) => {
-    if (document.status === DocumentStatus.DRAFT) {
+    if (envelope.status === DocumentStatus.DRAFT) {
       await tx.documentAuditLog.create({
         data: createDocumentAuditLogData({
           type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_SENT,
-          documentId: document.id,
+          envelopeId: envelope.id,
           metadata: requestMetadata,
           data: {},
         }),
       });
     }
 
-    return await tx.document.update({
+    return await tx.envelope.update({
       where: {
-        id: documentId,
+        id: envelope.id,
       },
       data: {
         status: DocumentStatus.PENDING,
@@ -201,7 +220,7 @@ export const sendDocument = async ({
   });
 
   const isRecipientSigningRequestEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).recipientSigningRequest;
 
   // Only send email if one of the following is true:
@@ -218,7 +237,7 @@ export const sendDocument = async ({
           name: 'send.signing.requested.email',
           payload: {
             userId,
-            documentId,
+            documentId: legacyDocumentId,
             recipientId: recipient.id,
             requestMetadata: requestMetadata?.requestMetadata,
           },
@@ -229,10 +248,10 @@ export const sendDocument = async ({
 
   await triggerWebhook({
     event: WebhookTriggerEvents.DOCUMENT_SENT,
-    data: ZWebhookDocumentSchema.parse(mapDocumentToWebhookDocumentPayload(updatedDocument)),
+    data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(updatedEnvelope)),
     userId,
     teamId,
   });
 
-  return updatedDocument;
+  return updatedEnvelope;
 };

packages/lib/server-only/document/send-pending-email.ts

@@ -1,6 +1,7 @@
 import { createElement } from 'react';
 
 import { msg } from '@lingui/core/macro';
+import { EnvelopeType } from '@prisma/client';
 
 import { mailer } from '@documenso/email/mailer';
 import { DocumentPendingEmailTemplate } from '@documenso/email/templates/document-pending';
@@ -9,18 +10,20 @@ import { prisma } from '@documenso/prisma';
 import { getI18nInstance } from '../../client-only/providers/i18n-server';
 import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
 import { extractDerivedDocumentEmailSettings } from '../../types/document-email';
+import type { EnvelopeIdOptions } from '../../utils/envelope';
+import { unsafeBuildEnvelopeIdQuery } from '../../utils/envelope';
 import { renderEmailWithI18N } from '../../utils/render-email-with-i18n';
 import { getEmailContext } from '../email/get-email-context';
 
 export interface SendPendingEmailOptions {
-  documentId: number;
+  id: EnvelopeIdOptions;
   recipientId: number;
 }
 
-export const sendPendingEmail = async ({ documentId, recipientId }: SendPendingEmailOptions) => {
+export const sendPendingEmail = async ({ id, recipientId }: SendPendingEmailOptions) => {
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findFirst({
     where: {
-      id: documentId,
+      ...unsafeBuildEnvelopeIdQuery(id, EnvelopeType.DOCUMENT),
       recipients: {
         some: {
           id: recipientId,
@@ -37,11 +40,11 @@ export const sendPendingEmail = async ({ documentId, recipientId }: SendPendingE
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new Error('Document not found');
   }
 
-  if (document.recipients.length === 0) {
+  if (envelope.recipients.length === 0) {
     throw new Error('Document has no recipients');
   }
 
@@ -49,27 +52,27 @@ export const sendPendingEmail = async ({ documentId, recipientId }: SendPendingE
     emailType: 'RECIPIENT',
     source: {
       type: 'team',
-      teamId: document.teamId,
+      teamId: envelope.teamId,
     },
-    meta: document.documentMeta,
+    meta: envelope.documentMeta,
   });
 
   const isDocumentPendingEmailEnabled = extractDerivedDocumentEmailSettings(
-    document.documentMeta,
+    envelope.documentMeta,
   ).documentPending;
 
   if (!isDocumentPendingEmailEnabled) {
     return;
   }
 
-  const [recipient] = document.recipients;
+  const [recipient] = envelope.recipients;
 
   const { email, name } = recipient;
 
   const assetBaseUrl = NEXT_PUBLIC_WEBAPP_URL() || 'http://localhost:3000';
 
   const template = createElement(DocumentPendingEmailTemplate, {
-    documentName: document.title,
+    documentName: envelope.title,
     assetBaseUrl,
   });
 

packages/lib/server-only/document/update-document.ts

@@ -1,7 +1,7 @@
-import { DocumentVisibility } from '@prisma/client';
+import type { DocumentVisibility, Prisma } from '@prisma/client';
-import { DocumentStatus, TeamMemberRole } from '@prisma/client';
+import { EnvelopeType, FolderType } from '@prisma/client';
+import { DocumentStatus } from '@prisma/client';
 import { isDeepEqual } from 'remeda';
-import { match } from 'ts-pattern';
 
 import { DOCUMENT_AUDIT_LOG_TYPE } from '@documenso/lib/types/document-audit-logs';
 import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
@@ -9,10 +9,12 @@ import type { CreateDocumentAuditLogDataResponse } from '@documenso/lib/utils/do
 import { createDocumentAuditLogData } from '@documenso/lib/utils/document-audit-logs';
 import { prisma } from '@documenso/prisma';
 
+import { TEAM_DOCUMENT_VISIBILITY_MAP } from '../../constants/teams';
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
 import { createDocumentAuthOptions, extractDocumentAuthMethods } from '../../utils/document-auth';
-import { getDocumentWhereInput } from './get-document-by-id';
+import { buildTeamWhereQuery, canAccessTeamDocument } from '../../utils/teams';
+import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
 
 export type UpdateDocumentOptions = {
   userId: number;
@@ -25,6 +27,7 @@ export type UpdateDocumentOptions = {
     globalAccessAuth?: TDocumentAccessAuthTypes[];
     globalActionAuth?: TDocumentActionAuthTypes[];
     useLegacyFieldInsertion?: boolean;
+    folderId?: string | null;
   };
   requestMetadata: ApiRequestMetadata;
 };
@@ -36,14 +39,18 @@ export const updateDocument = async ({
   data,
   requestMetadata,
 }: UpdateDocumentOptions) => {
-  const { documentWhereInput, team } = await getDocumentWhereInput({
+  const { envelopeWhereInput, team } = await getEnvelopeWhereInput({
-    documentId,
+    id: {
+      type: 'documentId',
+      id: documentId,
+    },
+    type: EnvelopeType.DOCUMENT,
     userId,
     teamId,
   });
 
-  const document = await prisma.document.findFirst({
+  const envelope = await prisma.envelope.findFirst({
-    where: documentWhereInput,
+    where: envelopeWhereInput,
     include: {
       team: {
         select: {
@@ -57,57 +64,70 @@ export const updateDocument = async ({
     },
   });
 
-  if (!document) {
+  if (!envelope) {
     throw new AppError(AppErrorCode.NOT_FOUND, {
       message: 'Document not found',
     });
   }
 
-  const isDocumentOwner = document.userId === userId;
+  const isEnvelopeOwner = envelope.userId === userId;
-  const requestedVisibility = data?.visibility;
-
-  if (!isDocumentOwner) {
-    match(team.currentTeamRole)
-      .with(TeamMemberRole.ADMIN, () => true)
-      .with(TeamMemberRole.MANAGER, () => {
-        const allowedVisibilities: DocumentVisibility[] = [
-          DocumentVisibility.EVERYONE,
-          DocumentVisibility.MANAGER_AND_ABOVE,
-        ];
 
+  // Validate whether the new visibility setting is allowed for the current user.
   if (
-          !allowedVisibilities.includes(document.visibility) ||
+    !isEnvelopeOwner &&
-          (requestedVisibility && !allowedVisibilities.includes(requestedVisibility))
+    data?.visibility &&
+    !canAccessTeamDocument(team.currentTeamRole, data.visibility)
   ) {
     throw new AppError(AppErrorCode.UNAUTHORIZED, {
       message: 'You do not have permission to update the document visibility',
     });
   }
-      })
-      .with(TeamMemberRole.MEMBER, () => {
-        if (
-          document.visibility !== DocumentVisibility.EVERYONE ||
-          (requestedVisibility && requestedVisibility !== DocumentVisibility.EVERYONE)
-        ) {
-          throw new AppError(AppErrorCode.UNAUTHORIZED, {
-            message: 'You do not have permission to update the document visibility',
-          });
-        }
-      })
-      .otherwise(() => {
-        throw new AppError(AppErrorCode.UNAUTHORIZED, {
-          message: 'You do not have permission to update the document',
-        });
-      });
-  }
 
   // If no data just return the document since this function is normally chained after a meta update.
   if (!data || Object.values(data).length === 0) {
-    return document;
+    return envelope;
+  }
+
+  let folderUpdateQuery: Prisma.FolderUpdateOneWithoutEnvelopesNestedInput | undefined = undefined;
+
+  // Validate folder ID.
+  if (data.folderId) {
+    const folder = await prisma.folder.findFirst({
+      where: {
+        id: data.folderId,
+        team: buildTeamWhereQuery({
+          teamId,
+          userId,
+        }),
+        type: FolderType.DOCUMENT,
+        visibility: {
+          in: TEAM_DOCUMENT_VISIBILITY_MAP[team.currentTeamRole],
+        },
+      },
+    });
+
+    if (!folder) {
+      throw new AppError(AppErrorCode.NOT_FOUND, {
+        message: 'Folder not found',
+      });
+    }
+
+    folderUpdateQuery = {
+      connect: {
+        id: data.folderId,
+      },
+    };
+  }
+
+  // Move to root folder if folderId is null.
+  if (data.folderId === null) {
+    folderUpdateQuery = {
+      disconnect: true,
+    };
   }
 
   const { documentAuthOption } = extractDocumentAuthMethods({
-    documentAuth: document.authOptions,
+    documentAuth: envelope.authOptions,
   });
 
   const documentGlobalAccessAuth = documentAuthOption?.globalAccessAuth ?? null;
@@ -120,14 +140,14 @@ export const updateDocument = async ({
     data?.globalActionAuth === undefined ? documentGlobalActionAuth : data.globalActionAuth;
 
   // Check if user has permission to set the global action auth.
-  if (newGlobalActionAuth.length > 0 && !document.team.organisation.organisationClaim.flags.cfr21) {
+  if (newGlobalActionAuth.length > 0 && !envelope.team.organisation.organisationClaim.flags.cfr21) {
     throw new AppError(AppErrorCode.UNAUTHORIZED, {
       message: 'You do not have permission to set the action auth',
     });
   }
 
-  const isTitleSame = data.title === undefined || data.title === document.title;
+  const isTitleSame = data.title === undefined || data.title === envelope.title;
-  const isExternalIdSame = data.externalId === undefined || data.externalId === document.externalId;
+  const isExternalIdSame = data.externalId === undefined || data.externalId === envelope.externalId;
   const isGlobalAccessSame =
     documentGlobalAccessAuth === undefined ||
     isDeepEqual(documentGlobalAccessAuth, newGlobalAccessAuth);
@@ -135,11 +155,12 @@ export const updateDocument = async ({
     documentGlobalActionAuth === undefined ||
     isDeepEqual(documentGlobalActionAuth, newGlobalActionAuth);
   const isDocumentVisibilitySame =
-    data.visibility === undefined || data.visibility === document.visibility;
+    data.visibility === undefined || data.visibility === envelope.visibility;
+  const isFolderSame = data.folderId === undefined || data.folderId === envelope.folderId;
 
   const auditLogs: CreateDocumentAuditLogDataResponse[] = [];
 
-  if (!isTitleSame && document.status !== DocumentStatus.DRAFT) {
+  if (!isTitleSame && envelope.status !== DocumentStatus.DRAFT) {
     throw new AppError(AppErrorCode.INVALID_BODY, {
       message: 'You cannot update the title if the document has been sent',
     });
@@ -149,10 +170,10 @@ export const updateDocument = async ({
     auditLogs.push(
       createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_TITLE_UPDATED,
-        documentId,
+        envelopeId: envelope.id,
         metadata: requestMetadata,
         data: {
-          from: document.title,
+          from: envelope.title,
           to: data.title || '',
         },
       }),
@@ -163,10 +184,10 @@ export const updateDocument = async ({
     auditLogs.push(
       createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_EXTERNAL_ID_UPDATED,
-        documentId,
+        envelopeId: envelope.id,
         metadata: requestMetadata,
         data: {
-          from: document.externalId,
+          from: envelope.externalId,
           to: data.externalId || '',
         },
       }),
@@ -177,7 +198,7 @@ export const updateDocument = async ({
     auditLogs.push(
       createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACCESS_UPDATED,
-        documentId,
+        envelopeId: envelope.id,
         metadata: requestMetadata,
         data: {
           from: documentGlobalAccessAuth,
@@ -191,7 +212,7 @@ export const updateDocument = async ({
     auditLogs.push(
       createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACTION_UPDATED,
-        documentId,
+        envelopeId: envelope.id,
         metadata: requestMetadata,
         data: {
           from: documentGlobalActionAuth,
@@ -205,19 +226,34 @@ export const updateDocument = async ({
     auditLogs.push(
       createDocumentAuditLogData({
         type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_VISIBILITY_UPDATED,
-        documentId,
+        envelopeId: envelope.id,
         metadata: requestMetadata,
         data: {
-          from: document.visibility,
+          from: envelope.visibility,
           to: data.visibility || '',
         },
       }),
     );
   }
 
+  // Todo: Decide if we want to log moving the document around.
+  // if (!isFolderSame) {
+  //   auditLogs.push(
+  //     createDocumentAuditLogData({
+  //       type: DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_FOLDER_UPDATED,
+  //       envelopeId: envelope.id,
+  //       metadata: requestMetadata,
+  //       data: {
+  //         from: envelope.folderId,
+  //         to: data.folderId || '',
+  //       },
+  //     }),
+  //   );
+  // }
+
   // Early return if nothing is required.
-  if (auditLogs.length === 0 && data.useLegacyFieldInsertion === undefined) {
+  if (auditLogs.length === 0 && data.useLegacyFieldInsertion === undefined && isFolderSame) {
-    return document;
+    return envelope;
   }
 
   return await prisma.$transaction(async (tx) => {
@@ -226,9 +262,10 @@ export const updateDocument = async ({
       globalActionAuth: newGlobalActionAuth,
     });
 
-    const updatedDocument = await tx.document.update({
+    const updatedDocument = await tx.envelope.update({
       where: {
-        id: documentId,
+        id: envelope.id,
+        type: EnvelopeType.DOCUMENT,
       },
       data: {
         title: data.title,
@@ -236,6 +273,7 @@ export const updateDocument = async ({
         visibility: data.visibility as DocumentVisibility,
         useLegacyFieldInsertion: data.useLegacyFieldInsertion,
         authOptions,
+        folder: folderUpdateQuery,
       },
     });